CVE-2019-16201

Severity: Medium
Remote: Yes
Type: Denial of service
Description
It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access authentication module. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service.
Group     Package  Affected  Fixed    Severity  Status  Ticket
AVG-1040  ruby2.5  2.5.6-1   2.5.7-1  Medium    Fixed   FS#63977
AVG-1039  ruby     2.6.4-1   2.6.5-1  Medium    Fixed   FS#63977
Date         Advisory      Group     Package  Severity  Type
02 Oct 2019  ASA-201910-5  AVG-1040  ruby2.5  Medium    multiple issues
02 Oct 2019  ASA-201910-2  AVG-1039  ruby     Medium    multiple issues
References
https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/