VYPR

Jruby

by Jruby

CVEs (3)

  • CVE-2012-5370Nov 28, 2012
    risk 0.00cvss epss 0.02

    JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by…

  • CVE-2010-1330Nov 23, 2012
    risk 0.00cvss epss 0.02

    The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

  • CVE-2011-4838Dec 30, 2011
    risk 0.00cvss epss 0.04

    JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.