Information Disclosure

2020-08-0621:34:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

ruby is vulnerable to information disclosure. The vulnerability exists in BasicSocket#read_nonblock(requested_size, buffer, exception: false) resizing the buffer to fit the requested size, but no data is copied which allows an attacker to access sensitive data from the interpreter.

CPENameOperatorVersion
ruby:3.10eq2.5.7-r0
ruby:edgeeq2.6.5-r2
rh-ruby25-rubyeq2.5.5__7.el7
rh-ruby25-rubyeq2.5.3__6.el7
rh-ruby25-rubyeq2.5.0__5.el7
rh-ruby26-rubyeq2.6.2__118.el7
ruby:3.10eq2.5.7-r0
ruby:edgeeq2.6.5-r2
rh-ruby25-rubyeq2.5.5__7.el7
rh-ruby25-rubyeq2.5.3__6.el7

Name	Operator	Version
ruby:3.10	eq	2.5.7-r0
ruby:edge	eq	2.6.5-r2
rh-ruby25-ruby	eq	2.5.5__7.el7
rh-ruby25-ruby	eq	2.5.3__6.el7
rh-ruby25-ruby	eq	2.5.0__5.el7
rh-ruby26-ruby	eq	2.6.2__118.el7
ruby:3.10	eq	2.5.7-r0
ruby:edge	eq	2.6.5-r2
rh-ruby25-ruby	eq	2.5.5__7.el7
rh-ruby25-ruby	eq	2.5.3__6.el7