CVE-2011-4838
jruby - security update
EPSS 7.3%
Description
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
How to fix CVE-2011-4838
To remediate CVE-2011-4838, upgrade the affected package to a fixed version below.
- Debian/jruby—upgrade to 1.5.6-4 or later
- Debian/jruby—upgrade to 1.5.1-1+deb6u1 or later
Is CVE-2011-4838 being exploited?
Moderate — EPSS is 7.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.5.6-4
- from 0, < 1.5.1-1+deb6u1