CVE-2011-5036: Hash Collision Form Parameter Parsing Remote DoS

December 29, 2011 (updated October 30, 2013)

This package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

References

osvdb.org/show/osvdb/78121
github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228

Code Behaviors & Features

Detect and mitigate CVE-2011-5036 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →