Lucene search
K
Ruby-langRuby2.4.7

4 matches found

CVE
CVE
added 2019/11/26 4:45 p.m.448 views

CVE-2019-15845

CVE-2019-15845 is a Ruby vulnerability where File.fnmatch and File.fnmatch? mishandled strings containing NULL bytes, enabling a remote attacker to access unexpected files and bypass filesystem restrictions in affected Ruby versions (Ruby 2.4.7 and earlier; 2.5.x up to 2.5.6; 2.6.x up to 2.6.4). ...

6.5CVSS7.1AI score0.03317EPSS
CVE
CVE
added 2019/11/26 12:0 a.m.447 views

CVE-2019-16255

CVE-2019-16255 affects Ruby up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4, enabling code injection via the first argument to Shell#[] or Shell#test when data is untrusted. Connected advisories confirm this vulnerability and list affected JRuby/Ruby variants, with remediation by upgrading ...

8.1CVSS8.2AI score0.04221EPSS
CVE
CVE
added 2019/11/26 12:0 a.m.444 views

CVE-2019-16201

CVE-2019-16201 affects Ruby’s WEBrick DigestAuth implementations across multiple Ruby branches (up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4). The issue is a regular-expression Denial of Service caused by backtracking in DigestAuth, requiring a WEBrick server exposed to the Internet or a...

7.8CVSS7.6AI score0.05128EPSS
CVE
CVE
added 2019/11/26 12:0 a.m.408 views

CVE-2019-16254

CVE-2019-16254 (HTTP Response Splitting) affects Ruby WEBrick in versions up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4. The issue arises when untrusted input is inserted into HTTP response headers, enabling CRLF/header injection and potentially malicious content. It is noted as a follow-...

5.3CVSS6.8AI score0.04569EPSS