Fluid Attacks Database

Description

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	jruby	>=0 <1.5.6-4	1.5.6-4
debian 13	jruby	>=0 <1.5.6-4	1.5.6-4
debian 14	jruby	>=0 <1.5.6-4	1.5.6-4

Aliases

1. CVE-2011-48382. NVD-2011-48383. OSV-DEBIAN-2011-48384. OSV-2011-48385. SECURITY-TRACKER-CVE-2011-4838

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.