The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby prior to 3.0.4, as used in rubygem-moped, allows remote malicious users to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.
Vulnerable Product |
---|
mongodb bson |
fedoraproject fedora 21 |
fedoraproject fedora 22 |