Denial of Service Vulnerability in Raven Ruby Gem by Sentry
CVE-2014-9490

Currently unrated

Key Information:

Vendor: Getsentry
Status: Raven-ruby
Vendor: CVE Published:; 20 January 2015

What is CVE-2014-9490?

The numtok function in the Raven Ruby Gem, specifically in the file lib/raven/okjson.rb, is susceptible to exploitation due to improperly handled large exponent values in scientific notation. This vulnerability allows attackers to facilitate a denial of service by sending a tailored request that triggers excessive resource consumption, potentially disrupting operations for users of the affected versions.

References

https://github.com/getsentry/raven-ruby/commit/477ee93a3f...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/99687

vdb-entryx_refsource_XF

http://seclists.org/oss-sec/2015/q1/26

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2015
Vulnerability Reserved
Jan 3, 2015

CVE-2014-9490 Data

JSON

Getsentry

What is CVE-2014-9490?

References

Timeline