Description
Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.
References (4)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/svenfuchs/i18n/releases/tag/v0.8.0
Patch, Third Party Advisory x_refsource_misc
https://github.com/rubysec/ruby-advisory-db/pull/182/files
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/svenfuchs/i18n/pull/289
Scores
CVSS v3
7.5
EPSS
0.0131
EPSS Percentile
80.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (3)
debian/debian_linux
8.0
i18n_project/i18n
< 0.8.0
rubygems/i18n
0 - 0.8.0 (RubyGems)
Published
Nov 06, 2018
Tracked Since
Feb 18, 2026