The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-20T16:24:26
Updated: 2024-08-06T06:11:13.071Z
Reserved: 2015-06-06T00:00:00
Link: CVE-2015-4410
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-02-20T17:15:12.587
Modified: 2024-11-21T02:31:00.730
Link: CVE-2015-4410
Redhat