Vulnerabilities related to jruby - jruby
cve-2012-5370
Vulnerability from cvelistv5
Published
2012-11-28 11:00
Modified
2024-08-06 21:05
Summary
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=880671 | x_refsource_CONFIRM | |
http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf | x_refsource_MISC | |
https://www.131002.net/data/talks/appsec12_slides.pdf | x_refsource_MISC | |
http://2012.appsec-forum.ch/conferences/#c17 | x_refsource_MISC | |
http://www.ocert.org/advisories/ocert-2012-001.html | x_refsource_MISC | |
http://rhn.redhat.com/errata/RHSA-2013-0533.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880671" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.131002.net/data/talks/appsec12_slides.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://2012.appsec-forum.ch/conferences/#c17" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2012-001.html" }, { "name": "RHSA-2013:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-01-13T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880671" }, { "tags": [ "x_refsource_MISC" ], "url": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.131002.net/data/talks/appsec12_slides.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "http://2012.appsec-forum.ch/conferences/#c17" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2012-001.html" }, { "name": "RHSA-2013:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5370", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=880671", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880671" }, { "name": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", "refsource": "MISC", "url": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" }, { "name": "https://www.131002.net/data/talks/appsec12_slides.pdf", "refsource": "MISC", "url": "https://www.131002.net/data/talks/appsec12_slides.pdf" }, { "name": "http://2012.appsec-forum.ch/conferences/#c17", "refsource": "MISC", "url": "http://2012.appsec-forum.ch/conferences/#c17" }, { "name": "http://www.ocert.org/advisories/ocert-2012-001.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2012-001.html" }, { "name": "RHSA-2013:0533", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5370", "datePublished": "2012-11-28T11:00:00", "dateReserved": "2012-10-10T00:00:00", "dateUpdated": "2024-08-06T21:05:47.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1330
Vulnerability from cvelistv5
Published
2012-11-23 19:00
Modified
2024-08-07 01:21
Summary
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=750306 | x_refsource_MISC | |
http://rhn.redhat.com/errata/RHSA-2011-1456.html | vendor-advisory, x_refsource_REDHAT | |
https://bugs.gentoo.org/show_bug.cgi?id=317435 | x_refsource_MISC | |
http://www.osvdb.org/77297 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/46891 | third-party-advisory, x_refsource_SECUNIA | |
http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80277 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:21:18.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306" }, { "name": "RHSA-2011:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435" }, { "name": "77297", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/77297" }, { "name": "46891", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46891" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html" }, { "name": "jruby-expression-engine-xss(80277)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to \u0027u\u0027, does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306" }, { "name": "RHSA-2011:1456", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435" }, { "name": "77297", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/77297" }, { "name": "46891", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46891" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html" }, { "name": "jruby-expression-engine-xss(80277)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1330", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to \u0027u\u0027, does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750306", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306" }, { "name": "RHSA-2011:1456", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=317435", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435" }, { "name": "77297", "refsource": "OSVDB", "url": "http://www.osvdb.org/77297" }, { "name": "46891", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46891" }, { "name": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html", "refsource": "CONFIRM", "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html" }, { "name": "jruby-expression-engine-xss(80277)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1330", "datePublished": "2012-11-23T19:00:00", "dateReserved": "2010-04-08T00:00:00", "dateUpdated": "2024-08-07T01:21:18.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4838
Vulnerability from cvelistv5
Published
2011-12-30 01:00
Modified
2024-08-07 00:16
Summary
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References
URL | Tags | |
---|---|---|
http://www.nruns.com/_downloads/advisory28122011.pdf | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/72019 | vdb-entry, x_refsource_XF | |
http://jruby.org/2011/12/27/jruby-1-6-5-1.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/50084 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/47407 | third-party-advisory, x_refsource_SECUNIA | |
http://www.kb.cert.org/vuls/id/903934 | third-party-advisory, x_refsource_CERT-VN | |
http://rhn.redhat.com/errata/RHSA-2012-1232.html | vendor-advisory, x_refsource_REDHAT | |
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html | mailing-list, x_refsource_BUGTRAQ | |
http://security.gentoo.org/glsa/glsa-201207-06.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.ocert.org/advisories/ocert-2011-003.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:34.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "name": "jruby-hash-dos(72019)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72019" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://jruby.org/2011/12/27/jruby-1-6-5-1.html" }, { "name": "50084", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50084" }, { "name": "47407", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47407" }, { "name": "VU#903934", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "name": "RHSA-2012:1232", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" }, { "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "name": "GLSA-201207-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201207-06.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-28T00:00:00", "descriptions": [ { "lang": "en", "value": "JRuby before 1.6.5.1 computes hash values without 
restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "name": "jruby-hash-dos(72019)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72019" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://jruby.org/2011/12/27/jruby-1-6-5-1.html" }, { "name": "50084", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50084" }, { "name": "47407", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47407" }, { "name": "VU#903934", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "name": "RHSA-2012:1232", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" }, { "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "name": "GLSA-201207-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201207-06.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4838", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.nruns.com/_downloads/advisory28122011.pdf", "refsource": "MISC", "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "name": "jruby-hash-dos(72019)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72019" }, { "name": "http://jruby.org/2011/12/27/jruby-1-6-5-1.html", "refsource": "CONFIRM", "url": "http://jruby.org/2011/12/27/jruby-1-6-5-1.html" }, { "name": "50084", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50084" }, { "name": "47407", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47407" }, { "name": "VU#903934", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/903934" }, { "name": "RHSA-2012:1232", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" }, { "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "name": "GLSA-201207-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201207-06.xml" }, { "name": "http://www.ocert.org/advisories/ocert-2011-003.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2011-003.html" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4838", "datePublished": "2011-12-30T01:00:00", "dateReserved": "2011-12-15T00:00:00", "dateUpdated": "2024-08-07T00:16:34.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2012-11-23 19:55
Modified
2024-11-21 01:14
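Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov, as given in the record below)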
Summary
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jruby | jruby | * | |
jruby | jruby | 0.9.0 | |
jruby | jruby | 0.9.1 | |
jruby | jruby | 0.9.2 | |
jruby | jruby | 0.9.8 | |
jruby | jruby | 0.9.9 | |
jruby | jruby | 1.0.0 | |
jruby | jruby | 1.0.0 | |
jruby | jruby | 1.0.0 | |
jruby | jruby | 1.0.0 | |
jruby | jruby | 1.0.1 | |
jruby | jruby | 1.0.2 | |
jruby | jruby | 1.0.3 | |
jruby | jruby | 1.1 | |
jruby | jruby | 1.1 | |
jruby | jruby | 1.1 | |
jruby | jruby | 1.1 | |
jruby | jruby | 1.1 | |
jruby | jruby | 1.1.1 | |
jruby | jruby | 1.1.2 | |
jruby | jruby | 1.1.3 | |
jruby | jruby | 1.1.4 | |
jruby | jruby | 1.1.5 | |
jruby | jruby | 1.1.6 | |
jruby | jruby | 1.1.6 | |
jruby | jruby | 1.2.0 | |
jruby | jruby | 1.2.0 | |
jruby | jruby | 1.2.0 | |
jruby | jruby | 1.3.0 | |
jruby | jruby | 1.3.0 | |
jruby | jruby | 1.3.0 | |
jruby | jruby | 1.3.1 | |
jruby | jruby | 1.4.0 | |
jruby | jruby | 1.4.0 | |
jruby | jruby | 1.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:*", "matchCriteriaId": "B80E8A57-557B-4D0D-B8E1-5ACFC3864076", "versionEndIncluding": "1.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8ECBD08-C9A8-4792-AA14-86DCF91ADD89", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "48B3DCBA-8AE8-4881-BC18-0E42744C1BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "07D80333-29EC-4B02-BA8E-C0AE60BE6995", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "19C4CED7-9603-4DCD-A4A2-E4C7347E6012", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA5DA067-102D-4E1D-B4AD-D8BF8AF91784", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE7F90C2-F634-44F7-AD72-87510766CA70", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "711C01B9-73B3-4AD9-B2EF-EB6B1CEB0CAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "65C64ADD-B3D5-4B61-B14A-8DEEB2E1454E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "98C80996-F729-4995-9A47-8A702B1FE3E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "11128A71-8F6D-433A-AC80-676F9037A1C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3044A80-8363-4D7B-AB01-CADBFA3E1924", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "20D15245-4C9C-4908-B8E2-4A2911411D24", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"61AC6C28-AFE2-452F-9A41-C2D6C8325F22", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "E1CD53B5-AF00-4BC0-8EFF-90A9B0E59AD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "ABBB5044-5CE4-4468-AFFC-33EB990B439D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "68690546-7A76-461F-BBE1-75A7623941C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "63D29E5A-E9D1-42E5-BC0C-178346C2BC9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "94054B2C-AB94-4933-93E5-614066161723", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E985731A-CBC1-4062-A7C4-2F024814EBEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "448C60BB-3AA6-4ED5-A331-F44F03C1A73F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "12940080-34DE-423B-81FE-FE11077FD2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9A2435BC-A0C7-4AFC-87A5-6D8DD61213BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FA36C6E8-FD6D-4837-9215-4E435002C872", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.1.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC70B7A2-C2A5-4C3F-A1EA-8E75615E427B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DF36A49-C7CA-443A-A417-280E2A9441DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "41A7FE25-F683-4F98-8775-87BA051ABCC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"5589BD4B-5D43-48C7-81CE-3B2D95430862", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "56EAA3B9-30D0-4AF2-B62B-1EC7500A6FDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "349F615A-2049-448E-BE34-97BA95B671AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "25DFE1EC-A25C-4117-94AB-703F8BFA22B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "81F0914B-600F-4B85-B014-B31B9D04C5B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7CEDA605-20AC-4BA4-B5AF-F50F1E568A59", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6007AD9D-D375-45C6-AC10-54EB3C493EDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "54071574-B344-468D-B331-0B354B15633D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to \u0027u\u0027, does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string." }, { "lang": "es", "value": "El motor de expresiones regulares en JRuby anterior a v1.4.1, cuando $KCODE est\u00e1 fijado en \u0027u\u0027, no trata correctamente los caracteres inmediatamente despu\u00e9s de caracteres UTF-8, permitiendo a atacantes remotos realizar ataques de tipo \"cross-site scripting\" (XSS) mediante una cadena manipulada." 
} ], "id": "CVE-2010-1330", "lastModified": "2024-11-21T01:14:09.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-11-23T19:55:01.273", "references": [ { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46891" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/77297" }, { "source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/77297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugs.gentoo.org/show_bug.cgi?id=317435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-28 13:03
Modified
2024-11-21 01:44
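Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; source nvd@nist.gov, as given in the record below)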
Summary
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jruby:jruby:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7AC52FE-91E7-40C9-B4DE-AD35FB630397", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838." }, { "lang": "es", "value": "JRuby calcula los valores de hash sin restringir la posibilidad de provocar colisiones hash previsibles, lo que permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de la manipulaci\u00f3n de una entrada para la aplicaci\u00f3n que mantiene la tabla de valores hash, como lo demuestra un ataque universal multicolision contra el algoritmo MurmurHash2, es una vulnerabilidad diferente a CVE-2011-4838." 
} ], "id": "CVE-2012-5370", "lastModified": "2024-11-21T01:44:36.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-11-28T13:03:10.057", "references": [ { "source": "cve@mitre.org", "url": "http://2012.appsec-forum.ch/conferences/#c17" }, { "source": "cve@mitre.org", "url": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html" }, { "source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2012-001.html" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880671" }, { "source": "cve@mitre.org", "url": "https://www.131002.net/data/talks/appsec12_slides.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://2012.appsec-forum.ch/conferences/#c17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2012-001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880671" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.131002.net/data/talks/appsec12_slides.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-30 01:55
Modified
2024-11-21 01:33
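Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, as given in the NVD record below)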
Summary
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3DE8162-6FF2-4CDC-B66A-3D06AE5D7CB5", "versionEndExcluding": "1.6.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." }, { "lang": "es", "value": "JRuby anterior a v1.6.5.1 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash predecible, que permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de entrada dise\u00f1ado para una aplicaci\u00f3n que mantiene una tabla hash." } ], "id": "CVE-2011-4838", "lastModified": "2024-11-21T01:33:06.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-30T01:55:01.500", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://jruby.org/2011/12/27/jruby-1-6-5-1.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2012-1232.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/47407" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/50084" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201207-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jruby.org/2011/12/27/jruby-1-6-5-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/47407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/50084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201207-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72019" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }