Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2024-1576.NASL
HistoryApr 02, 2024 - 12:00 a.m.

Oracle Linux 9 : ruby:3.1 (ELSA-2024-1576)

2024-04-0200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
oracle linux 9
ruby
elsa-2024-1576
redos
uri
time
cgi gem
http response splitting
nessus scanner

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1576 advisory.

  • A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. (CVE-2023-28755)

  • A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. (CVE-2023-28756)

  • A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. (CVE-2023-36617)

  • The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. (CVE-2021-33621)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2024-1576.
##

include('compat.inc');

if (description)
{
  script_id(192872);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/02");

  script_cve_id(
    "CVE-2021-33621",
    "CVE-2023-28755",
    "CVE-2023-28756",
    "CVE-2023-36617"
  );

  script_name(english:"Oracle Linux 9 : ruby:3.1 (ELSA-2024-1576)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2024-1576 advisory.

  - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser
    mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing
    strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. (CVE-2023-28755)

  - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser
    mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing
    strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. (CVE-2023-28756)

  - A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles
    invalid URLs that have specific characters. There is an increase in execution time for parsing strings to
    URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete
    fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. (CVE-2023-36617)

  - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response
    splitting. This is relevant to applications that use untrusted user input either to generate an HTTP
    response or to create a CGI::Cookie object. (CVE-2021-33621)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2024-1576.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33621");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:9:1:appstream_base");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:9:2:appstream_base");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:9:3:appstream_base");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:9::appstream");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:9::appstream_developer");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-bundled-gems");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-default-gems");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-bundler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-minitest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-mysql2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-mysql2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-pg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-pg-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-power_assert");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rake");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rbs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rexml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-test-unit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-typeprof");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygems");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygems-devel");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var pkgs = [
    {'reference':'ruby-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-bundled-gems-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-default-gems-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-devel-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-doc-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-libs-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-bigdecimal-3.1.1-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-bundler-2.3.26-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-io-console-0.5.11-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-irb-1.4.1-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-json-2.6.1-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-minitest-5.15.0-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-mysql2-0.5.4-1.module+el9.1.0+20815+286161bd', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-mysql2-doc-0.5.4-1.module+el9.1.0+20815+286161bd', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-pg-1.3.5-1.module+el9.1.0+20815+286161bd', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-pg-doc-1.3.5-1.module+el9.1.0+20815+286161bd', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-power_assert-2.0.1-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-psych-4.0.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-rake-13.0.6-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-rbs-2.7.0-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-rdoc-6.4.0-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-rexml-3.2.5-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-rss-0.2.9-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-test-unit-3.5.3-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-typeprof-0.21.3-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygems-3.3.26-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygems-devel-3.3.26-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-bundled-gems-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-devel-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-libs-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-bigdecimal-3.1.1-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-io-console-0.5.11-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-json-2.6.1-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-psych-4.0.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-rbs-2.7.0-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-bundled-gems-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-devel-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ruby-libs-3.1.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-bigdecimal-3.1.1-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-io-console-0.5.11-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-json-2.6.1-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-mysql2-0.5.4-1.module+el9.1.0+20815+286161bd', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-pg-1.3.5-1.module+el9.1.0+20815+286161bd', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-psych-4.0.4-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-rbs-2.7.0-143.module+el9.3.0+90207+bf8fadcb', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release) {
    if (exists_check) {
        if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-bundled-gems / ruby-default-gems / etc');
}
VendorProductVersionCPE
oraclelinux9cpe:/a:oracle:linux:9:1:appstream_base
oraclelinux9cpe:/a:oracle:linux:9:2:appstream_base
oraclelinux9cpe:/a:oracle:linux:9:3:appstream_base
oraclelinux9cpe:/a:oracle:linux:9::appstream
oraclelinux9cpe:/a:oracle:linux:9::appstream_developer
oraclelinux9cpe:/o:oracle:linux:9
oraclelinuxrubyp-cpe:/a:oracle:linux:ruby
oraclelinuxruby-bundled-gemsp-cpe:/a:oracle:linux:ruby-bundled-gems
oraclelinuxruby-default-gemsp-cpe:/a:oracle:linux:ruby-default-gems
oraclelinuxruby-develp-cpe:/a:oracle:linux:ruby-devel
Rows per page:
1-10 of 331

Related

rocky 3
oraclelinux 6
almalinux 6
osv 22
nessus 63
redhat 6
ubuntu 5
openvas 30
ubuntucve 4
nvd 4
redhatcve 2
cloudfoundry 4
veracode 2
cve 4
cvelist 3
slackware 2
prion 1
github 3
debiancve 4
hackerone 3
fedora 8
debian 1
rubygems 1
photon 2
cbl_mariner 1
cgr 4
wolfi 2
freebsd 2
amazon 1
rocky
rocky
ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
ruby:2.7 security, bug fix, and enhancement update
2023-08-31 16:54:34
oraclelinux
oraclelinux
ruby:3.1 security, bug fix, and enhancement update
2024-03-20 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-04-02 00:00:00
ruby:2.7 security, bug fix, and enhancement update
2023-07-08 00:00:00
almalinux
almalinux
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 00:00:00
osv
osv
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 00:00:00
nessus
nessus
RHEL 9 : ruby:3.1 (RHSA-2024:1576)
2024-04-01 00:00:00
Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)
2024-04-05 00:00:00
RHEL 8 : ruby:3.1 (RHSA-2024:1431)
2024-03-19 00:00:00
redhat
redhat
(RHSA-2024:1576) Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:57:59
(RHSA-2024:1431) Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 18:23:24
(RHSA-2023:3821) Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 13:35:33
ubuntu
ubuntu
Ruby vulnerabilities
2023-06-21 00:00:00
Ruby vulnerabilities
2023-07-12 00:00:00
Ruby vulnerabilities
2023-05-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6181-1)
2023-06-22 00:00:00
openSUSE: Security Advisory for ruby2.5 (SUSE-SU-2023:4176-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4176-1)
2023-10-25 00:00:00
ubuntucve
ubuntucve
CVE-2023-36617
2023-06-29 00:00:00
CVE-2021-33621
2022-11-18 00:00:00
CVE-2023-28756
2023-03-31 00:00:00
nvd
nvd
CVE-2023-36617
2023-06-29 13:15:09
CVE-2021-33621
2022-11-18 23:15:18
CVE-2023-28755
2023-03-31 04:15:09
redhatcve
redhatcve
CVE-2023-36617
2023-07-13 11:36:22
CVE-2023-28756
2023-04-03 14:43:40
cloudfoundry
cloudfoundry
USN-6219-1: Ruby vulnerabilities | Cloud Foundry
2023-09-28 00:00:00
USN-6055-1: Ruby vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
USN-6087-1: Ruby vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-06-30 03:59:11
Regular Expression Denial Of Service (ReDoS)
2023-04-04 14:02:35
cve
cve
CVE-2023-36617
2023-06-29 13:15:09
CVE-2021-33621
2022-11-18 23:15:18
CVE-2023-28756
2023-03-31 04:15:09
cvelist
cvelist
CVE-2023-36617
2023-06-29 00:00:00
CVE-2023-28756
2023-03-31 00:00:00
CVE-2023-28755
2023-03-31 00:00:00
slackware
slackware
[slackware-security] ruby
2023-03-31 18:29:16
[slackware-security] ruby
2022-11-24 21:00:38
prion
prion
Design/Logic Flaw
2023-06-29 13:15:00
github
github
URI gem has ReDoS vulnerability
2023-06-29 15:30:34
Ruby Time component ReDoS issue
2023-03-31 06:30:15
Ruby URI component ReDoS issue
2023-03-31 06:30:15
debiancve
debiancve
CVE-2023-36617
2023-06-29 13:15:09
CVE-2021-33621
2022-11-18 23:15:18
CVE-2023-28756
2023-03-31 04:15:09
hackerone
hackerone
Internet Bug Bounty: CVE-2023-36617: ReDoS vulnerability in URI (Ruby)
2023-07-17 05:09:41
Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class
2023-03-01 08:03:28
Internet Bug Bounty: ReDoS( Ruby, Time)
2023-04-01 23:52:39
fedora
fedora
[SECURITY] Fedora 36 Update: ruby-3.1.4-175.fc36
2023-04-21 01:25:27
[SECURITY] Fedora 37 Update: ruby-3.1.4-175.fc37
2023-04-21 02:11:09
[SECURITY] Fedora 38 Update: ruby-3.2.2-180.fc38
2023-04-15 02:16:08
debian
debian
[SECURITY] [DLA 3447-1] ruby2.5 security update
2023-06-07 20:38:22
rubygems
rubygems
ReDoS vulnerability in URI
2023-06-28 21:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0247
2024-04-16 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-36617 affecting package ruby for versions less than 3.1.4-2
2023-08-30 14:44:06
cgr
cgr
CVE-2023-36617 vulnerabilities
2024-05-19 03:07:16
CVE-2023-28756 vulnerabilities
2024-05-19 03:07:16
CVE-2021-33621 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-36617 vulnerabilities
2024-07-03 21:08:38
CVE-2023-28756 vulnerabilities
2024-07-03 21:08:38
freebsd
freebsd
rubygem-time -- ReDoS vulnerability
2023-03-30 00:00:00
rubygem-cgi -- HTTP response splitting vulnerability
2022-11-22 00:00:00
amazon
amazon
Medium: ruby
2023-06-07 23:52:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON
Related for ORACLELINUX_ELSA-2024-1576.NASL
rocky3oraclelinux6almalinux6osv22nessus63redhat6ubuntu5openvas30ubuntucve4nvd4redhatcve2cloudfoundry4veracode2cve4cvelist3slackware2prion1github3debiancve4hackerone3fedora8debian1rubygems1photon2cbl_mariner1cgr4wolfi2freebsd2amazon1