CVE-2014-10077 (High) detected in i18n-0.6.11.gem - autoclosed

[mend-bolt-for-github]

CVE-2014-10077 - High Severity Vulnerability

Vulnerable Library - i18n-0.6.11.gem

New wave Internationalization support for Ruby.

Library home page: https://rubygems.org/gems/i18n-0.6.11.gem

Path to dependency file: /vagrant/chef/cookbooks/nmap/Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/i18n-0.6.11.gem

Dependency Hierarchy:

• vagrant-1.0.7.gem (Root Library)
  • ❌ i18n-0.6.11.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Publish Date: 2018-11-06

URL: CVE-2014-10077

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-10077

Release Date: 2018-11-06

Fix Resolution: 0.8.0

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github]

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.