Denial of Service (DoS)

Affecting sequel gem, versions >=3.37.0, <3.45.0

medium severity

Overview

sequel is a Database Toolkit for Ruby.

Affected versions of the package are vulnerable to Denial of Service (DoS) and unsafe object creation. When parsing certain JSON documents, sequel can be tricked into creating arbitrary Ruby symbols on the target system. Symbols are interned per process and, on the Ruby versions current at disclosure (before symbol garbage collection arrived in Ruby 2.2), were never freed, so attacker-controlled input with ever-new keys can exhaust memory.

Remediation

Upgrade sequel to version 3.45.0 or higher.

Credit: Jeremy Evans
CWE: CWE-400
Snyk ID: SNYK-RUBY-SEQUEL-20443
Disclosed: 10 Feb, 2013
Published: 10 Jan, 2018