Lucene search
K
Ruby-langRuby2.2.0

5 matches found

CVE
CVE
added 2018/04/03 12:0 a.m.398 views

CVE-2017-17742

CVE-2017-17742 affects Ruby with WEBrick: HTTP Response Splitting via crafted headers in WEBrick, impacting Ruby versions: <2.2.10, 2.3.x <2.3.7, 2.4.x <2.4.4, 2.5.x

5.3CVSS6.8AI score0.0576EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.277 views

CVE-2018-6914

CVE-2018-6914 is a directory traversal vulnerability in Ruby’s tmpdir library (Dir.mktmpdir). The flaw allows an attacker to create arbitrary directories or files via a “..” in the prefix argument. Affected Ruby versions: before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, ...

7.5CVSS7AI score0.10552EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.265 views

CVE-2018-8778

CVE-2018-8778 affects Ruby prior to 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1. It describes a buffer under-read in String#unpack triggered by an attacker-controlled unpacking format, leading to massive information disclosure. Affected platforms include...

7.5CVSS6.8AI score0.07825EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.246 views

CVE-2018-8779

CVE-2018-8779 is a Ruby vulnerability in which UNIXServer.open and UNIXSocket.open did not check for NULL (NUL) bytes in the path, potentially creating an unintended socket. Public details in the provided documents show affected series include Ruby 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, 2.4...

7.5CVSS7AI score0.07169EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.244 views

CVE-2018-8777

CVE-2018-8777 affects Ruby WEBrick: sending a large HTTP request or crafted body to WEBrick can cause memory-based denial of service. Affected Ruby branches include 2.2.x before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1. Mitigation is upgrading to the ...

7.5CVSS6.8AI score0.04636EPSS