Description
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.
Remediation
References
Related Vulnerabilities
WordPress Plugin WonderPlugin Audio Player Multiple Vulnerabilities (2.0)
WordPress Plugin Easy Registration Forms Unspecified Vulnerability (1.8.4)
WordPress Plugin Lockdown WP Admin Unspecified Vulnerability (1.1.2)
PostgreSQL Integer Overflow or Wraparound Vulnerability (CVE-2026-6473)
WordPress Plugin Vision Interactive For WordPress Cross-Site Scripting (1.4.4)