Lucene search
K

8 matches found

CVE
CVE
added 2018/11/16 6:0 p.m.486 views

CVE-2018-16395

The CVE describes a bug in Ruby’s OpenSSL X509::Name equality check. Affected Ruby/OpenSSL versions are 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared, depending on ordering, non-equal names may compar...

9.8CVSS7.2AI score0.10715EPSS
CVE
CVE
added 2018/04/03 12:0 a.m.397 views

CVE-2017-17742

CVE-2017-17742 affects Ruby with WEBrick: HTTP Response Splitting via crafted headers in WEBrick, impacting Ruby versions: <2.2.10, 2.3.x <2.3.7, 2.4.x <2.4.4, 2.5.x

5.3CVSS6.8AI score0.0576EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.335 views

CVE-2018-8780

CVE-2018-8780 affects Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1. The flaw is in Dir.open, Dir.new, Dir.entries and Dir.empty? which do not check NULL characters, enabling unintentional directory traversal when these methods are used. Affect...

9.1CVSS7.1AI score0.10098EPSS
CVE
CVE
added 2018/11/16 6:0 p.m.328 views

CVE-2018-16396

CVE-2018-16396 is a taint propagation issue in Ruby: certain formats used when unpacking tainted strings do not propagate taint correctly. Affected versions are Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. The root cause is that unpacked strings deri...

8.1CVSS7.3AI score0.07968EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.277 views

CVE-2018-6914

CVE-2018-6914 is a directory traversal vulnerability in Ruby’s tmpdir library (Dir.mktmpdir). The flaw allows an attacker to create arbitrary directories or files via a “..” in the prefix argument. Affected Ruby versions: before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, ...

7.5CVSS7AI score0.10552EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.265 views

CVE-2018-8778

CVE-2018-8778 affects Ruby prior to 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1. It describes a buffer under-read in String#unpack triggered by an attacker-controlled unpacking format, leading to massive information disclosure. Affected platforms include...

7.5CVSS6.8AI score0.07825EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.246 views

CVE-2018-8779

CVE-2018-8779 is a Ruby vulnerability in which UNIXServer.open and UNIXSocket.open did not check for NULL (NUL) bytes in the path, potentially creating an unintended socket. Public details in the provided documents show affected series include Ruby 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, 2.4...

7.5CVSS7AI score0.07169EPSS
CVE
CVE
added 2018/04/03 10:0 p.m.244 views

CVE-2018-8777

CVE-2018-8777 affects Ruby WEBrick: sending a large HTTP request or crafted body to WEBrick can cause memory-based denial of service. Affected Ruby branches include 2.2.x before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1. Mitigation is upgrading to the ...

7.5CVSS6.8AI score0.04636EPSS