vulnerability

OS X update for Ruby (CVE-2017-10784)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Sep 19, 2017	Oct 31, 2018	Aug 13, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Sep 19, 2017

Added

Oct 31, 2018

Modified

Aug 13, 2025

Description

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Solutions

apple-osx-security-update-2018-002-high-sierraapple-osx-upgrade-10_13_6

References

CVE-2017-10784
https://attackerkb.com/topics/CVE-2017-10784
CWE-287
URL-https://support.apple.com/kb/HT208937
URL-https://support.apple.com/kb/HT209193

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today