CVE-2017-16516 High Severity Vulnerability detected by WhiteSource #16

mend-bolt-for-github · 2019-02-12T01:07:31Z

CVE-2017-16516 - High Severity Vulnerability

Vulnerable Library - yajl-ruby-1.2.1.gem

path: /var/lib/gems/2.3.0/cache/yajl-ruby-1.2.1.gem

Library home page: http://rubygems.org/gems/yajl-ruby-1.2.1.gem

Dependency Hierarchy:

pygments.rb-0.6.3.gem (Root Library)
- ❌ yajl-ruby-1.2.1.gem (Vulnerable Library)

Vulnerability Details

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.

Publish Date: 2017-11-03

URL: CVE-2017-16516

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 12, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2017-16516 High Severity Vulnerability detected by WhiteSource #16

CVE-2017-16516 High Severity Vulnerability detected by WhiteSource #16

mend-bolt-for-github bot commented Feb 12, 2019

CVE-2017-16516 High Severity Vulnerability detected by WhiteSource #16

CVE-2017-16516 High Severity Vulnerability detected by WhiteSource #16

Comments

mend-bolt-for-github bot commented Feb 12, 2019

CVE-2017-16516 - High Severity Vulnerability