CVE-2013-4363 (Algorithmic Complexity Vulnerability in RubyGems)

  • Posted December 26, 2013

  • Assessed Risk Level: Low

RubyGems validates versions with a regular expression that attackers can exploit to cause denial of service through CPU consumption.


  • Affected Versions: Puppet Enterprise 2.x, 3.x
  • Resolved in Puppet Enterprise 2.8.4 and 3.1.1
  • Note: This vulnerability was due to an incomplete fix for CVE-2013-4287.
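
An added example, not code from Puppet or RubyGems: a Ruby check that classifies a Puppet Enterprise version string against the releases listed above, parsing it with a length cap and a pattern that cannot backtrack. The helper names, the 32-byte cap, and the treatment of a short version such as "3" as 3.0.0 are assumptions of this example, and the pattern is written for it and is not RubyGems' own.

```ruby
# Added example: helper names are hypothetical; version data comes from the advisory.
MAX_LEN = 32 # assumed cap; oversized input is rejected before any pattern matching

# The dot is a mandatory separator and the group is atomic, so a run of digits
# can be split only one way and a failed match cannot backtrack into the group.
PE_VERSION = /\A[0-9]+(?>\.[0-9]+)*\z/

# First fixed release for each affected major line, as listed in the advisory.
FIXED_IN = { 2 => [2, 8, 4], 3 => [3, 1, 1] }.freeze

# Returns an array of integers, or nil when the input is not a plain dotted version.
def parse_pe_version(text)
  return nil unless text.is_a?(String) && text.bytesize <= MAX_LEN
  return nil unless PE_VERSION.match?(text)

  text.split(".").map(&:to_i)
end

# Returns :affected, :fixed, :not_listed (major line not named in the advisory)
# or :invalid (input is not a dotted numeric version).
def cve_2013_4363_status(text)
  version = parse_pe_version(text)
  return :invalid if version.nil?

  fixed = FIXED_IN[version.first]
  return :not_listed if fixed.nil?

  # Pad to at least three components so that "3.1" compares as 3.1.0.
  padded = (version + [0, 0, 0]).first([version.size, 3].max)
  (padded <=> fixed) < 0 ? :affected : :fixed
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ["2.8.3", "2.8.4", "3.1.0", "3.1.1", "1.2.0", "3.1.x"].each do |v|
    puts "#{v}: #{cve_2013_4363_status(v)}"
  end
end
```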