Closed mend-bolt-for-github[bot] closed 2 years ago
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
CVE-2017-16516 - High Severity Vulnerability
Vulnerable Library - yajl-ruby-1.3.1.gem
Library home page: https://rubygems.org/gems/yajl-ruby-1.3.1.gem
Path to vulnerable library: /github-services/vendor/cache/yajl-ruby-1.3.1.gem
Dependency Hierarchy:
- :x: **yajl-ruby-1.3.1.gem** (Vulnerable Library)
Found in HEAD commit: 98d72e5af775802ce1f6fcc7a4c4360f6bac5097
Vulnerability Details
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole Ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole Ruby process terminating and potentially a denial of service.
Publish Date: 2017-11-03
URL: CVE-2017-16516
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High