slanger 0.4.3
1 security vulnerability found in version 0.4.3
Arbitrary command execution in slanger
critical severity CVE-2019-1010306
Patched versions: >= 0.6.1
A remote attacker can execute arbitrary commands by sending a crafted request to the server. This is due to the use of Oj.load instead of Oj.strict_load when processing messages.
Note that slanger is no longer maintained.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leak issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.