Lucene search
RubySecRUBY:RUBY-2017-17790HistoryDec 19, 2017 - 9:00 p.m.
The lazy_initialize function in lib/resolv.rb in Ruby
2017-12-1921:00:00
RubySec
rubysec.com
7
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3
uses Kernel#open, which might allow Command Injection attacks, as
demonstrated by a Resolv::Hosts::new argument beginning with a ‘|’
character, a different vulnerability than CVE-2017-17405.
NOTE: situations with untrusted input may be highly unlikely.
CWE: CWE-74 - Improper Neutralization of Special Elements
CVSS_V3: 9.8 - CRITICAL - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Related
nessus
nessus
Slackware 14.2 / current : ruby (SSA:2017-353-01)
2017-12-20 00:00:00
GLSA-201802-05 : Ruby: Command injection
2018-02-20 00:00:00
RHEL 7 : ruby (RHSA-2019:2806)
2019-09-19 00:00:00
exploitpack
exploitpack
Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection
2017-12-02 00:00:00
freebsd
freebsd
ruby -- Command injection vulnerability in Net::FTP
2017-12-14 00:00:00
gentoo
gentoo
Ruby: Command injection
2018-02-20 00:00:00
seebug
seebug
Command injection vulnerability in Net::FTP(CVE-2017-17405)
2017-12-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Ruby Net FTP Command Injection (CVE-2017-17405) - Ver2
2018-04-15 00:00:00
redhatcve
redhatcve
CVE-2017-17405
2017-12-14 21:50:01
veracode
veracode
Arbitrary Command Execution
2019-01-15 09:21:10
hackerone
hackerone
Ruby: NET::Ftp allows command injection in filenames
2017-12-02 11:33:02
ubuntu
ubuntu
Ruby vulnerability
2018-01-04 00:00:00
prion
prion
Command injection
2017-12-15 09:29:00
Command injection
2017-12-20 09:29:00
debiancve
debiancve
CVE-2017-17405
2017-12-15 09:29:00
CVE-2017-17790
2017-12-20 09:29:00
alpinelinux
alpinelinux
CVE-2017-17405
2017-12-15 09:29:00
osv
osv
CVE-2017-17405
2017-12-15 09:29:00
ruby1.8 - security update
2017-12-24 00:00:00
ruby1.9.1 - security update
2017-12-24 00:00:00
redhat
redhat
(RHSA-2019:2806) Important: ruby security update
2019-09-17 10:31:23
slackware
slackware
[slackware-security] ruby
2017-12-20 06:38:26
openvas
openvas
Slackware: Security Advisory (SSA:2017-353-01)
2022-04-21 00:00:00
Ubuntu: Security Advisory (USN-3515-1)
2018-10-26 00:00:00
Mageia: Security Advisory (MGASA-2017-0486)
2022-01-28 00:00:00
zdt
zdt
cve
cve
CVE-2017-17405
2017-12-15 09:29:00
CVE-2017-17790
2017-12-20 09:29:00
ubuntucve
ubuntucve
CVE-2017-17405
2017-12-15 00:00:00
CVE-2017-17790
2017-12-20 00:00:00
exploitdb
exploitdb
debian
debian
[SECURITY] [DLA 1222-1] ruby1.8 security update
2017-12-25 14:56:22
[SECURITY] [DLA 1221-1] ruby1.9.1 security update
2017-12-25 14:56:39
[SECURITY] [DSA 4259-1] ruby2.3 security update
2018-07-31 21:40:30
mageia
mageia
Updated ruby packages fix security vulnerabilities
2017-12-31 18:51:06
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0011-A
2018-01-11 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0098-A
2018-01-11 00:00:00
Important Photon OS Security Update - PHSA-2018-0011
2018-01-11 00:00:00
oraclelinux
oraclelinux
ruby security update
2018-02-28 00:00:00
centos
centos
ruby, rubygem, rubygems security update
2018-03-10 11:53:01
ibm
ibm
Security Bulletin: Vulnerabilities in Ruby affect PowerKVM
2018-06-18 01:42:18
apple
apple
About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
2018-07-09 00:00:00
Related for RUBY:RUBY-2017-17790