Vulnerability & Exploit Database

Displaying all 8 entries

Results for: CVE-2017-17790

Ubuntu: USN-3528-1 (CVE-2017-17790): Ruby vulnerabilities Vulnerability

  • Severity: 8
  • Published: December 20, 2017

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

Red Hat: CVE-2017-17790: Important: ruby security update (RHSA-2018:0378) Vulnerability

  • Severity: 8
  • Published: December 20, 2017

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

Oracle Linux: (CVE-2017-17790) ELSA-2018-0378: ruby security update Vulnerability

  • Severity: 8
  • Published: December 20, 2017

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

Huawei EulerOS: CVE-2017-17790: ruby security update Vulnerability

  • Severity: 8
  • Published: December 20, 2017

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

Huawei EulerOS: CVE-2017-17790: ruby security update Vulnerability

  • Severity: 8
  • Published: December 20, 2017

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

Debian: CVE-2017-17790: ruby2.3 -- security update Vulnerability

  • Severity: 8
  • Published: December 20, 2017

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

CentOS: (CVE-2017-17790) CESA-2018:0378: ruby Vulnerability

  • Severity: 8
  • Published: December 20, 2017

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.