
rubygem-moped: denial of service

Package(s): rubygem-moped
CVE #(s): CVE-2015-4411
Created: July 14, 2015
Updated: July 15, 2015
Description: From the Red Hat bugzilla:

The following Denial of Service issue was discovered in Moped Ruby gem:

If a crafted value is passed to the Moped::BSON::ObjectId.legal? method, this will cause Moped to think MongoDB is down, and ping it 39 more times with intervals. In other words, Moped will keep a worker busy for 5 seconds and make x40 requests to MongoDB.

This covers an incomplete fix for CVE-2015-4410.

Alerts:
Fedora FEDORA-2015-11138 rubygem-moped 2015-07-14
Fedora FEDORA-2015-11070 rubygem-moped 2015-07-14
