
Ruby: Multiple vulnerabilities

Description

### Background

Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server (“WEBrick”) and a class for XML parsing (“REXML”).

### Description

Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.

### Impact

A remote attacker could execute arbitrary code, gain unauthorized access by bypassing intended path matching, or cause a Denial of Service condition.

### Workaround

There is no known workaround at this time.

### Resolution

All Ruby 2.4.x users should upgrade to the latest version:

```
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.4.9:2.4"
```

All Ruby 2.5.x users should upgrade to the latest version:

```
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.5.7:2.5"
```


Affected Package


| OS | OS Version | Package Name | Package Version |
| --- | --- | --- | --- |
| Gentoo | any | dev-lang/ruby | 2.4.9 |
