Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML
Medium
Vulnerability Details
libYAML 0.1.6 (and 0.1.5) has a DoS vulnerablitity known as [CVE-2014-9130](http://www.cvedetails.com/cve/CVE-2014-9130/).
Now Ruby 2.4.x bundles fixed version 0.1.7, but 2.3.x and 2.2.x still bundle 0.1.6.
Note that I'm the maintainer of Ruby 2.3.x and 2.2.x.
Therefore, this report is a kind of remainder.
Actions
View on HackerOneReport Stats
- Report ID: 235842
- State: Closed
- Substate: resolved
- Upvotes: 3