The URI.decode_www_form_component method in Ruby prior to 1.9.2-p330 allows remote malicious users to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ruby-lang ruby |