CVE-2014-9490: Denial of Service

January 20, 2015 (updated August 13, 2018)

Sentry raven-ruby contains a flaw in the lib/raven/okjson.rb script that is triggered when large numeric values are stored as an exponent or in scientific notation. With a specially crafted request, an attacker can cause the software to consume excessive resources resulting in a denial of service.

References

osvdb.org/show/osvdb/115654

Detect and mitigate CVE-2014-9490 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →