CVE-2015-4410

Exploit

EPSS 2.28%
Published 20.02.2020 17:15:12
Last modified 21.11.2024 02:31:00
Source cve@mitre.org
Teams watchlist Login
Open Login

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

Affected products Warnungen 0 Metrics 3 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Moped Project ≫ Moped Version- SwPlatformruby

Fedoraproject ≫ Fedora Version21

Fedoraproject ≫ Fedora Version22

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.28%	0.832

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2015/06/06/3

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/75045

Third Party Advisory

VDB Entry

https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

Third Party Advisory

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html

Third Party Advisory

Mailing List