Moderate severity · NVD Advisory · Published Dec 16, 2019 · Updated Aug 5, 2024

In RubyGem excon, interrupted Persistent Connections May Leak Response Data

CVE-2019-16779

Description

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.
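The failure mode described above, as a constructed simulation added here (not excon's code and not its patch): `PersistentClient`, `start_server` and `second_response` are hypothetical names, and the line-based protocol stands in for HTTP. The same client is run twice, once reusing the socket after a timeout and once discarding it, which is an assumed mitigation pattern.

```ruby
require "socket"
require "timeout"

# Constructed stand-in for a server: replies to each line, late for "slow".
def start_server(sock)
  Thread.new do
    while (req = sock.gets)
      sleep 0.2 if req.start_with?("slow")
      sock.puts("reply-to:#{req.chomp}")
    end
  rescue SystemCallError, IOError
    # peer closed the connection; the late reply is dropped
  end
end

# Hypothetical client that keeps one persistent socket (not excon's code).
class PersistentClient
  def initialize(reset_on_interrupt:, &connect)
    @reset_on_interrupt = reset_on_interrupt
    @connect = connect # block returning a freshly connected socket
    @sock = nil
  end

  def request(line, timeout:)
    @sock ||= @connect.call
    @sock.puts(line)
    raise Timeout::Error, "no reply" unless IO.select([@sock], nil, nil, timeout)
    @sock.gets.chomp
  rescue Timeout::Error
    if @reset_on_interrupt # mitigation: never reuse a socket with a reply pending
      @sock.close
      @sock = nil
    end
    raise
  end
end

# Interrupt request 1, then return what request 2 receives.
def second_response(reset_on_interrupt)
  client = PersistentClient.new(reset_on_interrupt: reset_on_interrupt) do
    ours, theirs = UNIXSocket.pair
    start_server(theirs)
    ours
  end
  begin
    client.request("slow /alice", timeout: 0.05)
  rescue Timeout::Error
    # request 1 interrupted; its reply is still in flight
  end
  sleep 0.5 # constructed delay so the late reply reaches the socket
  client.request("fast /bob", timeout: 1)
end
```

With `reset_on_interrupt: false` the second request returns the reply meant for the first; with `true` it gets its own reply over a fresh connection.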

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| excon (RubyGems) | < 0.71.0 | 0.71.0 |
