
Ruby vulnerability

Description

Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack.


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| Ubuntu | 20.10 | libruby2.7 | 2.7.1-3ubuntu1.3 |
| Ubuntu | 20.10 | ruby2.7 | 2.7.1-3ubuntu1.3 |
| Ubuntu | 20.04 | libruby2.7 | 2.7.0-5ubuntu1.4 |
| Ubuntu | 20.04 | libruby2.7-dbgsym | 2.7.0-5ubuntu1.4 |
| Ubuntu | 20.04 | ruby2.7 | 2.7.0-5ubuntu1.4 |
| Ubuntu | 20.04 | ruby2.7-dbgsym | 2.7.0-5ubuntu1.4 |
| Ubuntu | 20.04 | ruby2.7-dev | 2.7.0-5ubuntu1.4 |
| Ubuntu | 20.04 | ruby2.7-doc | 2.7.0-5ubuntu1.4 |
| Ubuntu | 18.04 | libruby2.5 | 2.5.1-1ubuntu1.9 |
| Ubuntu | 18.04 | libruby2.5-dbgsym | 2.5.1-1ubuntu1.9 |
| Ubuntu | 18.04 | ruby2.5 | 2.5.1-1ubuntu1.9 |
| Ubuntu | 18.04 | ruby2.5-dbgsym | 2.5.1-1ubuntu1.9 |
| Ubuntu | 18.04 | ruby2.5-dev | 2.5.1-1ubuntu1.9 |
| Ubuntu | 18.04 | ruby2.5-doc | 2.5.1-1ubuntu1.9 |
| Ubuntu | 16.04 | libruby2.3 | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | libruby2.3-dbg | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | libruby2.3-dbgsym | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | ruby2.3 | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | ruby2.3-dbgsym | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | ruby2.3-dev | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | ruby2.3-dev-dbgsym | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | ruby2.3-doc | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | ruby2.3-tcltk | 2.3.1-2~ubuntu16.04.16 |
| Ubuntu | 16.04 | ruby2.3-tcltk-dbgsym | 2.3.1-2~ubuntu16.04.16 |
