Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems prior to 1.8.23.2, 1.8.24 up to and including 1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, as used in Ruby 1.9.0 up to and including 2.0.0p247, allows remote malicious users to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
rubygems rubygems 2.1.4 |
||
rubygems rubygems |
||
rubygems rubygems 2.0.2 |
||
rubygems rubygems 2.0.3 |
||
rubygems rubygems 1.8.24 |
||
rubygems rubygems 1.8.25 |
||
rubygems rubygems 1.8.13 |
||
rubygems rubygems 1.8.14 |
||
rubygems rubygems 1.8.21 |
||
rubygems rubygems 1.8.22 |
||
rubygems rubygems 1.8.9 |
||
rubygems rubygems 2.1.0 |
||
rubygems rubygems 2.0.0 |
||
rubygems rubygems 2.0.4 |
||
rubygems rubygems 2.0.5 |
||
rubygems rubygems 1.8.26 |
||
rubygems rubygems 1.8.0 |
||
rubygems rubygems 1.8.15 |
||
rubygems rubygems 1.8.16 |
||
rubygems rubygems 1.8.17 |
||
rubygems rubygems 1.8.3 |
||
rubygems rubygems 1.8.4 |
||
rubygems rubygems 2.1.2 |
||
rubygems rubygems 2.1.3 |
||
rubygems rubygems 2.0.1 |
||
rubygems rubygems 2.0.8 |
||
rubygems rubygems 2.0.9 |
||
rubygems rubygems 1.8.11 |
||
rubygems rubygems 1.8.12 |
||
rubygems rubygems 1.8.2 |
||
rubygems rubygems 1.8.20 |
||
rubygems rubygems 1.8.7 |
||
rubygems rubygems 1.8.8 |
||
rubygems rubygems 2.1.1 |
||
rubygems rubygems 2.0.6 |
||
rubygems rubygems 2.0.7 |
||
rubygems rubygems 1.8.1 |
||
rubygems rubygems 1.8.10 |
||
rubygems rubygems 1.8.18 |
||
rubygems rubygems 1.8.19 |
||
rubygems rubygems 1.8.5 |
||
rubygems rubygems 1.8.6 |
||
ruby-lang ruby 1.9.3 |
||
ruby-lang ruby 2.0.0 |
||
ruby-lang ruby 1.9 |
||
ruby-lang ruby 1.9.1 |
||
ruby-lang ruby 2.0 |
||
ruby-lang ruby 1.9.2 |
Vulmon