CVE-2011-4838

EPSS 7.3%

jruby - security update

Published: 12/30/2011Modified: 4/28/2026

Description

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Affected packages (2)

Debian/jrubyfrom 0, < 1.5.6-4
Debian/jrubyfrom 0, < 1.5.1-1+deb6u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-4838