RubySec

Providing security resources for the Ruby community

OSVDB-114600 (curb): curb Gem for Ruby Empty http_put Body Handling Remote DoS

ADVISORIES

  • OSVDB-114600

GEM

curb

PATCHED VERSIONS

  • >= 0.7.8

DESCRIPTION

curb Gem for Ruby contains a flaw that is triggered when handling an empty http_put body. This may allow a remote attacker to crash an application linked against the library.