CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication

Posted by mame on 1 Oct 2019

A regular expression denial of service vulnerability was found in WEBrick’s Digest authentication module. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service.

CVE-2019-16201 has been assigned to this vulnerability.

All users running any affected releases should upgrade as soon as possible.

Affected Versions

  • All releases that are Ruby 2.3 or earlier
  • Ruby 2.4 series: Ruby 2.4.7 or earlier
  • Ruby 2.5 series: Ruby 2.5.6 or earlier
  • Ruby 2.6 series: Ruby 2.6.4 or earlier
  • Ruby 2.7.0-preview1
  • prior to master commit 36e057e26ef2104bc2349799d6c52d22bb1c7d03
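
As an added example (not part of the original advisory or of Ruby itself), the list above can be turned into a check for inventory or CI scripts. The helper name `cve_2019_16201_status` and its return symbols are assumptions made for this illustration.

```ruby
require "rubygems" # Gem::Version

# Last affected release of each series, copied from the advisory's list.
LAST_AFFECTED = {
  "2.4" => Gem::Version.new("2.4.7"),
  "2.5" => Gem::Version.new("2.5.6"),
  "2.6" => Gem::Version.new("2.6.4"),
}.freeze
FIRST_LISTED_SERIES = Gem::Version.new("2.4")
PREVIEW1 = Gem::Version.new("2.7.0-preview1")

# Hypothetical helper: classify a Ruby version string against the advisory.
# Returns :affected, :not_listed, or :ambiguous.
def cve_2019_16201_status(version_string)
  v = Gem::Version.new(version_string)
  series = v.segments.first(2).join(".")

  # "All releases that are Ruby 2.3 or earlier"
  return :affected if Gem::Version.new(series) < FIRST_LISTED_SERIES

  # 2.4, 2.5 and 2.6 series: affected up to the listed patch release.
  if (last = LAST_AFFECTED[series])
    return v <= last ? :affected : :not_listed
  end

  if series == "2.7"
    return :affected if v == PREVIEW1
    # RUBY_VERSION is "2.7.0" for preview and master builds alike, so a bare
    # "2.7.0" cannot be placed relative to the fixing master commit.
    return :ambiguous if version_string == "2.7.0"
  end

  :not_listed
end

# Status of the interpreter running this script.
puts "#{RUBY_VERSION}: #{cve_2019_16201_status(RUBY_VERSION)}"
```

An `:ambiguous` result means the version number alone is not enough; compare the build's revision against master commit 36e057e26ef2104bc2349799d6c52d22bb1c7d03.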

Acknowledgement

Thanks to 358 for discovering this issue.

History

  • Originally published at 2019-10-01 11:00:00 (UTC)
