Description

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Remediation

References

CVE-2011-4815

Related Vulnerabilities

Jenkins Other Vulnerability (CVE-2020-2100)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24917)

MySQL CVE-2020-2806 Vulnerability (CVE-2020-2806)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23801)

WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (7.2.04)

Severity

High

Classification

CVE-2011-4815 CWE-20

Tags

Missing Update Known Vulnerabilities