First published: Tue Jun 09 2015
The `Moped::BSON::ObjectId.legal?` method in `mongodb/bson-ruby` before 3.0.4, as used in rubygem-moped, allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/bson | <3.0.4 | 3.0.4 |
Mongodb Bson | <3.0.4 | |
Fedoraproject Fedora | =21 | |
Fedoraproject Fedora | =22 | |
debian/ruby-bson | 4.10.0-2 4.15.0-1 |