This repository has been archived by the owner on Oct 21, 2022. It is now read-only.
CVE-2017-16516 High Severity Vulnerability detected by WhiteSource #16
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
CVE-2017-16516 - High Severity Vulnerability
path: /var/lib/gems/2.3.0/cache/yajl-ruby-1.2.1.gem
Library home page: http://rubygems.org/gems/yajl-ruby-1.2.1.gem
Dependency Hierarchy:
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
Publish Date: 2017-11-03
URL: CVE-2017-16516
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: