Lucene search

K
gentooGentoo FoundationGLSA-202003-06
HistoryMar 13, 2020 - 12:00 a.m.

Ruby: Multiple vulnerabilities

2020-03-1300:00:00
Gentoo Foundation
security.gentoo.org
49

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.011 Low

EPSS

Percentile

83.8%

Background

Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server (“WEBRick”) and a class for XML parsing (“REXML”).

Description

Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could execute arbitrary code, have unauthorized access by bypassing intended path matching or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Ruby 2.4.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.4.9:2.4"

All Ruby 2.5.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.5.7:2.5"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-lang/ruby< 2.4.9UNKNOWN

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.011 Low

EPSS

Percentile

83.8%