Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2018-0378.NASL
HistoryMar 01, 2018 - 12:00 a.m.

RHEL 7 : ruby (RHSA-2018:0378)

2018-03-0100:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
50
JSON

An update for ruby is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es) :

  • It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)

  • A buffer underflow was found in ruby’s sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)

  • It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.
    (CVE-2017-0901)

  • A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)

  • A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)

  • It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)

  • It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)

  • A vulnerability was found where rubygems did not properly sanitize gems’ specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)

  • It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)

  • A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter’s heap memory. (CVE-2017-14064)

  • The ‘lazy_initialize’ function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2018:0378. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(107082);
  script_version("3.11");
  script_cvs_date("Date: 2019/10/24 15:35:44");

  script_cve_id("CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790");
  script_xref(name:"RHSA", value:"2018:0378");

  script_name(english:"RHEL 7 : ruby (RHSA-2018:0378)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for ruby is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting
language. It has features to process text files and to perform system
management tasks.

Security Fix(es) :

* It was discovered that the Net::FTP module did not properly process
filenames in combination with certain operations. A remote attacker
could exploit this flaw to execute arbitrary commands by setting up a
malicious FTP server and tricking a user or Ruby application into
downloading files with specially crafted names using the Net::FTP
module. (CVE-2017-17405)

* A buffer underflow was found in ruby's sprintf function. An
attacker, with ability to control its format string parameter, could
send a specially crafted string that would disclose heap memory or
crash the interpreter. (CVE-2017-0898)

* It was found that rubygems did not sanitize gem names during
installation of a given gem. A specially crafted gem could use this
flaw to install files outside of the regular directory.
(CVE-2017-0901)

* A vulnerability was found where rubygems did not sanitize DNS
responses when requesting the hostname of the rubygems server for a
domain, via a _rubygems._tcp DNS SRV query. An attacker with the
ability to manipulate DNS responses could direct the gem command
towards a different domain. (CVE-2017-0902)

* A vulnerability was found where the rubygems module was vulnerable
to an unsafe YAML deserialization when inspecting a gem. Applications
inspecting gem files without installing them can be tricked to execute
arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)

* It was found that WEBrick did not sanitize all its log messages. If
logs were printed in a terminal, an attacker could interact with the
terminal via the use of escape sequences. (CVE-2017-10784)

* It was found that the decode method of the OpenSSL::ASN1 module was
vulnerable to buffer underrun. An attacker could pass a specially
crafted string to the application in order to crash the ruby
interpreter, causing a denial of service. (CVE-2017-14033)

* A vulnerability was found where rubygems did not properly sanitize
gems' specification text. A specially crafted gem could interact with
the terminal via the use of escape sequences. (CVE-2017-0899)

* It was found that rubygems could use an excessive amount of CPU
while parsing a sufficiently long gem summary. A specially crafted gem
from a gem repository could freeze gem commands attempting to parse
its summary. (CVE-2017-0900)

* A buffer overflow vulnerability was found in the JSON extension of
ruby. An attacker with the ability to pass a specially crafted JSON
input to the extension could use this flaw to expose the interpreter's
heap memory. (CVE-2017-14064)

* The 'lazy_initialize' function in lib/resolv.rb did not properly
process certain filenames. A remote attacker could possibly exploit
this flaw to inject and execute arbitrary commands. (CVE-2017-17790)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2018:0378"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-0898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-0899"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-0900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-0901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-0902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-0903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-10784"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-14033"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-14064"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-17405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-17790"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-rake");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygems");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygems-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2018:0378";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"ruby-debuginfo-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-devel-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-devel-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"ruby-doc-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"ruby-irb-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"ruby-libs-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-tcltk-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-tcltk-2.0.0.648-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-bigdecimal-1.2.0-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-bigdecimal-1.2.0-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-io-console-0.4.2-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-io-console-0.4.2-33.el7_4")) flag++;

  if (rpm_exists(rpm:"rubygem-json-1.7", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-json-1.7.7-33.el7_4")) flag++;

  if (rpm_exists(rpm:"rubygem-json-1.7", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-json-1.7.7-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"rubygem-minitest-4.3.2-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-psych-2.0.0-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-psych-2.0.0-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"rubygem-rake-0.9.6-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"rubygem-rdoc-4.0.0-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"rubygems-2.0.14.1-33.el7_4")) flag++;

  if (rpm_check(release:"RHEL7", reference:"rubygems-devel-2.0.14.1-33.el7_4")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-debuginfo / ruby-devel / ruby-doc / ruby-irb / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxrubyp-cpe:/a:redhat:enterprise_linux:ruby
redhatenterprise_linuxruby-debuginfop-cpe:/a:redhat:enterprise_linux:ruby-debuginfo
redhatenterprise_linuxruby-develp-cpe:/a:redhat:enterprise_linux:ruby-devel
redhatenterprise_linuxruby-docp-cpe:/a:redhat:enterprise_linux:ruby-doc
redhatenterprise_linuxruby-irbp-cpe:/a:redhat:enterprise_linux:ruby-irb
redhatenterprise_linuxruby-libsp-cpe:/a:redhat:enterprise_linux:ruby-libs
redhatenterprise_linuxruby-tcltkp-cpe:/a:redhat:enterprise_linux:ruby-tcltk
redhatenterprise_linuxrubygem-bigdecimalp-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal
redhatenterprise_linuxrubygem-io-consolep-cpe:/a:redhat:enterprise_linux:rubygem-io-console
redhatenterprise_linuxrubygem-jsonp-cpe:/a:redhat:enterprise_linux:rubygem-json
Rows per page:
1-10 of 211

References

Related

oraclelinux 1
nessus 44
centos 1
openvas 32
ibm 1
redhat 6
amazon 3
slackware 2
debian 9
ubuntu 6
osv 17
fedora 6
mageia 3
freebsd 2
ubuntucve 9
f5 2
gentoo 3
prion 9
cve 6
debiancve 7
photon 1
seebug 1
exploitpack 1
alpinelinux 5
hackerone 4
veracode 5
redhatcve 9
checkpoint_advisories 1
zdt 1
github 2
oraclelinux
oraclelinux
ruby security update
2018-02-28 00:00:00
nessus
nessus
Oracle Linux 7 : ruby (ELSA-2018-0378)
2018-03-01 00:00:00
Scientific Linux Security Update : ruby on SL7.x x86_64 (20180228)
2018-03-01 00:00:00
CentOS 7 : ruby (CESA-2018:0378)
2018-03-12 00:00:00
centos
centos
ruby, rubygem, rubygems security update
2018-03-10 11:53:01
openvas
openvas
CentOS Update for ruby CESA-2018:0378 centos7
2018-03-14 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1248)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1067)
2020-01-23 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Ruby affect PowerKVM
2018-06-18 01:42:18
redhat
redhat
(RHSA-2018:0585) Important: rh-ruby23-ruby security, bug fix, and enhancement update
2018-03-26 09:13:23
(RHSA-2018:0378) Important: ruby security update
2018-02-28 16:24:33
(RHSA-2017:3485) Moderate: rh-ruby24-ruby security, bug fix, and enhancement update
2017-12-19 08:13:07
amazon
amazon
Medium: ruby24
2017-10-26 17:01:00
Medium: ruby22, ruby23
2017-10-02 17:01:00
Medium: ruby24, ruby22, ruby23
2018-03-21 22:27:00
slackware
slackware
[slackware-security] ruby
2017-09-18 19:20:47
[slackware-security] ruby
2017-12-20 06:38:26
debian
debian
[SECURITY] [DLA 1114-1] ruby1.9.1 security update
2017-09-26 21:16:53
[SECURITY] [DSA 4031-1] ruby2.3 security update
2017-11-11 14:46:00
[SECURITY] [DSA 4031-1] ruby2.3 security update
2017-11-11 14:46:00
ubuntu
ubuntu
Ruby vulnerabilities
2017-10-05 00:00:00
Ruby vulnerabilities
2018-01-10 00:00:00
Ruby regression
2021-03-25 00:00:00
osv
osv
ruby1.9.1 - security update
2017-09-26 00:00:00
ruby2.3 - security update
2017-11-11 00:00:00
ruby2.0 regression
2021-03-25 15:43:03
fedora
fedora
[SECURITY] Fedora 25 Update: ruby-2.3.4-64.fc25
2017-09-16 03:24:34
[SECURITY] Fedora 26 Update: rubygems-2.6.13-100.fc26
2017-09-09 23:57:10
[SECURITY] Fedora 27 Update: rubygems-2.6.13-100.fc27
2017-09-30 07:26:40
mageia
mageia
Updated ruby-RubyGems packages fix security vulnerabilities
2017-12-31 18:14:43
Updated ruby packages fix security vulnerabilities
2017-10-18 23:19:34
Updated ruby packages fix security vulnerabilities
2017-12-31 18:51:06
freebsd
freebsd
ruby -- multiple vulnerabilities
2017-09-14 00:00:00
ruby -- Command injection vulnerability in Net::FTP
2017-12-14 00:00:00
ubuntucve
ubuntucve
CVE-2017-0899
2017-08-31 00:00:00
CVE-2017-0900
2017-08-31 00:00:00
CVE-2017-17790
2017-12-20 00:00:00
f5
f5
K01730454 : Ruby vulnerabilities CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, and CVE-2017-0902
2017-09-11 00:00:00
K91125274 : RubyGems vulnerability CVE-2017-0903
2022-04-14 00:00:00
gentoo
gentoo
RubyGems: Multiple vulnerabilities
2017-10-08 00:00:00
Ruby: Multiple vulnerabilities
2017-10-18 00:00:00
Ruby: Command injection
2018-02-20 00:00:00
prion
prion
Command injection
2017-12-20 09:29:00
Null pointer dereference
2017-08-31 17:29:00
Command injection
2017-12-15 09:29:00
cve
cve
CVE-2017-17790
2017-12-20 09:29:00
CVE-2017-10784
2017-09-19 17:29:00
CVE-2017-17405
2017-12-15 09:29:00
debiancve
debiancve
CVE-2017-17790
2017-12-20 09:29:00
CVE-2017-17405
2017-12-15 09:29:00
CVE-2017-10784
2017-09-19 17:29:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0100
2018-01-18 00:00:00
seebug
seebug
Command injection vulnerability in Net::FTP(CVE-2017-17405)
2017-12-18 00:00:00
exploitpack
exploitpack
Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection
2017-12-02 00:00:00
alpinelinux
alpinelinux
CVE-2017-14064
2017-08-31 17:29:00
CVE-2017-10784
2017-09-19 17:29:00
CVE-2017-17405
2017-12-15 09:29:00
hackerone
hackerone
Ruby: Escape sequence injection vulnerability in WEBrick BasicAuth
2017-04-24 10:25:41
Ruby: Arbitrary heap exposure in JSON.generate
2017-03-01 22:55:39
Ruby: NET::Ftp allows command injection in filenames
2017-12-02 11:33:02
veracode
veracode
Buffer Overflow
2019-05-16 02:16:35
Command Injection
2019-05-16 02:49:49
Arbitrary Command Execution
2019-01-15 09:21:10
redhatcve
redhatcve
CVE-2017-14033
2017-09-14 21:48:31
CVE-2017-17405
2017-12-14 21:50:01
CVE-2017-17790
2019-10-08 04:44:54
checkpoint_advisories
checkpoint_advisories
Ruby Net FTP Command Injection (CVE-2017-17405) - Ver2
2018-04-15 00:00:00
zdt
zdt
Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - NET::Ftp Command Injection Exploit
2017-12-22 00:00:00
github
github
Ruby OpenSSL DoS Vulnerability
2022-05-14 02:03:26
WEBrick RCE Vulnerability
2022-05-14 02:03:29
JSON
Related for REDHAT-RHSA-2018-0378.NASL
oraclelinux1nessus44centos1openvas32ibm1redhat6amazon3slackware2debian9ubuntu6osv17fedora6mageia3freebsd2ubuntucve9f52gentoo3prion9cve6debiancve7photon1seebug1exploitpack1alpinelinux5hackerone4veracode5redhatcve9checkpoint_advisories1zdt1github2