CVE-2014-10077 (High) detected in i18n-0.7.0.gem

[mend-bolt-for-github]

CVE-2014-10077 - High Severity Vulnerability

Vulnerable Library - i18n-0.7.0.gem

New wave Internationalization support for Ruby.

Library home page: https://rubygems.org/gems/i18n-0.7.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/i18n-0.7.0.gem

Dependency Hierarchy:

• mediawiki_selenium-1.7.1.gem (Root Library)
  • page-object-1.1.1.gem
    • page_navigation-0.9.gem
      • data_magic-0.22.gem
        • faker-1.6.3.gem
          • ❌ i18n-0.7.0.gem (Vulnerable Library)

Found in HEAD commit: 0164c52b1f168fc3c92e6885304a3a40a833cb1e

Found in base branch: DevBranch

Vulnerability Details

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Publish Date: 2018-11-06

URL: CVE-2014-10077

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-10077

Release Date: 2018-11-06

Fix Resolution: 0.8.0

---

Step up your Open Source Security Game with Mend here