vulnerability
Amazon Linux AMI: CVE-2019-16255: Security patch for ruby24 (ALAS-2020-1422)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Oct 1, 2019 | Sep 1, 2020 | Sep 1, 2020 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Oct 1, 2019
Added
Sep 1, 2020
Modified
Sep 1, 2020
Description
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
Solution
amazon-linux-upgrade-ruby24
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.