
Related vulnerabilities

GSD-2014-9490

Vulnerability from gsd - Updated: 2014-12-08 00:00
Details
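Sentry raven-ruby (the sentry-raven gem) contains a flaw in the numtok function of lib/raven/okjson.rb that is triggered when it parses a number written in scientific notation with a very large exponent. By sending a specially crafted request, a remote attacker can cause the software to consume excessive resources, resulting in a denial of service. Versions before 0.12.2 are affected; the issue is fixed in 0.12.2, so upgrade to that version or later.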
Aliases

{
  "GSD": {
    "alias": "CVE-2014-9490",
    "description": "The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.",
    "id": "GSD-2014-9490"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "sentry-raven",
            "purl": "pkg:gem/sentry-raven"
          }
        }
      ],
      "aliases": [
        "CVE-2014-9490",
        "OSVDB-115654"
      ],
      "details": "Sentry raven-ruby contains a flaw in the lib/raven/okjson.rb script that is triggered when large numeric values are stored as an exponent or in scientific notation. With a specially crafted request, an attacker can cause the software to consume excessive resources resulting in a denial of service.",
      "id": "GSD-2014-9490",
      "modified": "2014-12-08T00:00:00.000Z",
      "published": "2014-12-08T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9490"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 5.0,
          "type": "CVSS_V2"
        }
      ],
      "summary": "sentry-raven Gem for Ruby contains a flaw that can result in a denial of service"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-9490",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f",
            "refsource": "CONFIRM",
            "url": "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f"
          },
          {
            "name": "ravenruby-cve20149490-dos(99687)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99687"
          },
          {
            "name": "[oss-security] 20150103 Re: CVE Request",
            "refsource": "MLIST",
            "url": "http://seclists.org/oss-sec/2015/q1/26"
          },
          {
            "name": "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U",
            "refsource": "CONFIRM",
            "url": "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2014-9490",
      "cvss_v2": 5.0,
      "date": "2014-12-08",
      "description": "Sentry raven-ruby contains a flaw in the lib/raven/okjson.rb script that is triggered when large numeric values are stored as an exponent or in scientific notation. With a specially crafted request, an attacker can cause the software to consume excessive resources resulting in a denial of service.",
      "gem": "sentry-raven",
      "osvdb": 115654,
      "patched_versions": [
        "\u003e= 0.12.2"
      ],
      "title": "sentry-raven Gem for Ruby contains a flaw that can result in a denial of service",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9490"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c0.12.2",
          "affected_versions": "All versions before 0.12.2",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-399",
            "CWE-937"
          ],
          "date": "2018-08-13",
          "description": "Sentry raven-ruby contains a flaw in the lib/raven/okjson.rb script that is triggered when large numeric values are stored as an exponent or in scientific notation. With a specially crafted request, an attacker can cause the software to consume excessive resources resulting in a denial of service.",
          "fixed_versions": [
            "0.12.2"
          ],
          "identifier": "CVE-2014-9490",
          "identifiers": [
            "CVE-2014-9490"
          ],
          "not_impacted": "All versions starting from 0.12.2",
          "package_slug": "gem/sentry-raven",
          "pubdate": "2015-01-20",
          "solution": "Upgrade to version 0.12.2 or above.",
          "title": "Denial of Service",
          "urls": [
            "http://osvdb.org/show/osvdb/115654"
          ],
          "uuid": "3919f31c-1c8e-4306-9398-a586ad744122"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:getsentry:raven-ruby:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9490"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f"
            },
            {
              "name": "[oss-security] 20150103 Re: CVE Request",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://seclists.org/oss-sec/2015/q1/26"
            },
            {
              "name": "ravenruby-cve20149490-dos(99687)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99687"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-08-13T21:47Z",
      "publishedDate": "2015-01-20T15:59Z"
    }
  }
}