Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-10077
- https://github.com/rubysec/ruby-advisory-db/pull/182/files
- https://github.com/svenfuchs/i18n/pull/289
- https://github.com/svenfuchs/i18n/releases/tag/v0.8.0
- https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html
- https://github.com/advisories/GHSA-34hf-g744-jw64