Jruby : Security Vulnerabilities, CVEs, CVSS score >= 4
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.
Max CVSS
5.0
EPSS Score
0.23%
Published
2012-11-28
Updated
2015-01-18
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Max CVSS
5.0
EPSS Score
0.98%
Published
2011-12-30
Updated
2021-01-12
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Max CVSS
4.3
EPSS Score
0.47%
Published
2012-11-23
Updated
2021-01-12
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-12
Updated
2023-12-14
4 vulnerabilities found