WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.
References
Configurations
History
30 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-11-26 18:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-16201
Mitre link : CVE-2019-16201
CVE.ORG link : CVE-2019-16201
JSON object : View
Products Affected
debian
- debian_linux
ruby-lang
- ruby
CWE
CWE-287
Improper Authentication