WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ruby | Ruby-lang | 2.4.0 (including) | 2.4.7 (including) |
Ruby | Ruby-lang | 2.5.0 (including) | 2.5.6 (including) |
Ruby | Ruby-lang | 2.6.0 (including) | 2.6.4 (including) |