Jruby : Security Vulnerabilities, CVEs, CVSS score >= 5
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.
Max CVSS
5.0
EPSS Score
0.23%
Published
2012-11-28
Updated
2015-01-18
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Max CVSS
5.0
EPSS Score
0.98%
Published
2011-12-30
Updated
2021-01-12
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-12
Updated
2023-12-14
3 vulnerabilities found