Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2019-1148.NASLHistoryApr 27, 2024 - 12:00 a.m.
RHEL 7 : rh-ruby25-ruby (RHSA-2019:1148)
2024-04-2700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
rhel 7
rh-ruby25-ruby
rhsa-2019:1148
vulnerabilities
symlink
escape sequence injection
arbitrary code execution
nessus
application version.
8.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.7%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1148 advisory.
-
rubygems: Delete directory using symlink when decompressing tar (CVE-2019-8320)
-
rubygems: Escape sequence injection vulnerability in verbose (CVE-2019-8321)
-
rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)
-
rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)
-
rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)
-
rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:1148. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(193985);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");
script_cve_id(
"CVE-2019-8320",
"CVE-2019-8321",
"CVE-2019-8322",
"CVE-2019-8323",
"CVE-2019-8324",
"CVE-2019-8325"
);
script_xref(name:"RHSA", value:"2019:1148");
script_name(english:"RHEL 7 : rh-ruby25-ruby (RHSA-2019:1148)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2019:1148 advisory.
- rubygems: Delete directory using symlink when decompressing tar (CVE-2019-8320)
- rubygems: Escape sequence injection vulnerability in verbose (CVE-2019-8321)
- rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)
- rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)
- rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)
- rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1692512");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1692514");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1692516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1692519");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1692520");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1692522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1700274");
# https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_1148.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?329f8482");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:1148");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8320");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-8324");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 22, 88);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/11");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-bigdecimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-did_you_mean");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-io-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-minitest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-net-telnet");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-power_assert");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-psych");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-rake");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-rdoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-test-unit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-xmlrpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygems");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygems-devel");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/rhscl/1/debug',
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/rhscl/1/os',
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/rhscl/1/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'
],
'pkgs': [
{'reference':'rh-ruby25-ruby-2.5.5-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-ruby-devel-2.5.5-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-ruby-doc-2.5.5-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-ruby-irb-2.5.5-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-ruby-libs-2.5.5-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-bigdecimal-1.3.4-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-did_you_mean-1.2.0-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-io-console-0.4.6-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-json-2.1.0-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-minitest-5.10.3-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-net-telnet-0.1.1-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-openssl-2.1.2-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-power_assert-1.1.1-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-psych-3.0.2-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-rake-12.3.0-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-rdoc-6.0.1-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-test-unit-3.2.7-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygem-xmlrpc-0.3.0-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygems-2.7.6.2-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-ruby25-rubygems-devel-2.7.6.2-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-ruby25-ruby / rh-ruby25-ruby-devel / rh-ruby25-ruby-doc / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | rh-ruby25-ruby | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby |
| redhat | enterprise_linux | rh-ruby25-ruby-devel | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby-devel |
| redhat | enterprise_linux | rh-ruby25-ruby-doc | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby-doc |
| redhat | enterprise_linux | rh-ruby25-ruby-irb | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby-irb |
| redhat | enterprise_linux | rh-ruby25-ruby-libs | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-ruby-libs |
| redhat | enterprise_linux | rh-ruby25-rubygem-bigdecimal | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-bigdecimal |
| redhat | enterprise_linux | rh-ruby25-rubygem-did_you_mean | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-did_you_mean |
| redhat | enterprise_linux | rh-ruby25-rubygem-io-console | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-io-console |
| redhat | enterprise_linux | rh-ruby25-rubygem-json | p-cpe:/a:redhat:enterprise_linux:rh-ruby25-rubygem-json |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
www.nessus.org/u?329f8482
access.redhat.com/errata/RHSA-2019:1148
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1692512
bugzilla.redhat.com/show_bug.cgi?id=1692514
bugzilla.redhat.com/show_bug.cgi?id=1692516
bugzilla.redhat.com/show_bug.cgi?id=1692519
bugzilla.redhat.com/show_bug.cgi?id=1692520
bugzilla.redhat.com/show_bug.cgi?id=1692522
bugzilla.redhat.com/show_bug.cgi?id=1700274
Related
debian
debian
[SECURITY] [DSA 4433-1] ruby2.3 security update
2019-04-16 20:57:32
[SECURITY] [DLA 1735-1] ruby2.1 security update
2019-03-29 08:53:04
[SECURITY] [DLA 2330-1] jruby security update
2020-08-16 13:13:11
nessus
nessus
RHEL 7 : CloudForms 4.7.5 (RHSA-2019:1429)
2024-04-22 00:00:00
Fedora 29 : ruby (2019-a155364f3c)
2019-05-03 00:00:00
Amazon Linux AMI : ruby20 / ruby21, ruby24 (ALAS-2019-1255)
2019-08-13 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4433-1)
2019-04-18 00:00:00
Fedora Update for ruby FEDORA-2019-feac6674b7
2019-05-10 00:00:00
Ubuntu: Security Advisory (USN-3945-1)
2019-04-12 00:00:00
redhat
redhat
fedora
fedora
[SECURITY] Fedora 28 Update: ruby-2.5.5-108.fc28
2019-05-10 01:35:27
[SECURITY] Fedora 29 Update: ruby-2.5.5-101.fc29
2019-05-03 03:43:05
cloudfoundry
cloudfoundry
USN-3945-1: Ruby vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2019-04-11 00:00:00
amazon
amazon
Important: ruby20, ruby21, ruby24
2019-08-07 22:58:00
Important: ruby
2019-07-18 18:14:00
osv
osv
ruby2.3 - security update
2019-04-16 00:00:00
ruby:2.5 bug fix and enhancement update
2019-11-05 17:38:32
ruby2.1 - security update
2019-03-29 00:00:00
freebsd
freebsd
RubyGems -- multiple vulnerabilities
2019-03-05 00:00:00
rocky
rocky
2.5 bug fix and enhancement update
2019-11-05 17:38:32
ruby:2.5 security update
2019-07-30 11:16:25
oraclelinux
oraclelinux
ruby security update
2019-05-16 00:00:00
ruby:2.5 security update
2019-08-05 00:00:00
ruby security update
2019-08-13 00:00:00
centos
centos
ruby, rubygem, rubygems security update
2019-05-21 21:25:00
f5
f5
mageia
mageia
Updated jruby packages fix security vulnerabilities
2020-11-27 23:14:57
Updated ruby-RubyGems packages fix security vulnerability
2020-06-11 00:39:20
alpinelinux
alpinelinux
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z
2019-07-15 22:35:01
suse
suse
Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (important)
2019-07-21 00:00:00
cvelist
cvelist
redhatcve
redhatcve
nvd
nvd
cve
cve
prion
prion
Design/Logic Flaw
2019-06-17 20:15:00
Design/Logic Flaw
2019-06-17 20:15:00
Design/Logic Flaw
2019-06-17 20:15:00
ubuntucve
ubuntucve
debiancve
debiancve
veracode
veracode
Unauthorised File Deletion Via Symlink
2019-05-16 04:01:21
Escape Sequence Injection
2019-05-16 03:48:47
Escape Sequence Injection
2019-05-16 03:48:47
github
github
RubyGems Escape sequence injection vulnerability in api response handling
2019-06-20 16:05:57
RubyGems Escape sequence injection vulnerability in verbose
2019-06-20 16:06:04
RubyGems Escape sequence injection vulnerability in gem owner
2019-06-20 16:06:00
hackerone
hackerone
RubyGems: Delete directory using symlink when decompressing tar
2018-02-18 10:55:08
attackerkb
attackerkb
Installing a malicious gem may lead to arbitrary code execution
2020-03-17 00:00:00
almalinux
almalinux
Important: ruby:2.5 security update
2019-07-30 11:16:25
8.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.7%
Related for REDHAT-RHSA-2019-1148.NASL