CVE-2018-16395
The CVE describes a bug in Ruby’s OpenSSL X509::Name equality check. Affected Ruby/OpenSSL versions are 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared, depending on ordering, non-equal names may compar...
CVE-2018-16396
CVE-2018-16396 is a taint propagation issue in Ruby: certain formats used when unpacking tainted strings do not propagate taint correctly. Affected versions are Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. The root cause is that unpacked strings deri...