Posted by mame on 1 Oct 2019
A regular expression denial of service vulnerability was found in WEBrick’s Digest authentication module. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service.
CVE-2019-16201 has been assigned to this vulnerability.
All users running any affected releases should upgrade as soon as possible.
Affected Versions
- All releases that are Ruby 2.3 or earlier
- Ruby 2.4 series: Ruby 2.4.7 or earlier
- Ruby 2.5 series: Ruby 2.5.6 or earlier
- Ruby 2.6 series: Ruby 2.6.4 or earlier
- Ruby 2.7.0-preview1
- prior to master commit 36e057e26ef2104bc2349799d6c52d22bb1c7d03
Acknowledgement
Thanks to 358 for discovering this issue.
History
- Originally published at 2019-10-01 11:00:00 (UTC)