excon 0.31.0
1 security vulnerability
found in version
0.31.0
Race condition when using persistent connections
medium severity CVE-2019-16779
medium severity
CVE-2019-16779
Patched versions:
>= 0.71.0
There was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.
Users can workaround the problem by disabling persistent connections, though this may cause performance implications.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.