The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a - instead of – and contains an inconsistent ID.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ruby | Yukihiro_matsumoto | 1.8 | 1.8 |