vulnerability
CentOS Linux: CVE-2019-16254: Moderate: ruby:2.5 security, bug fix, and enhancement update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | 2019-11-26 | 2021-06-30 | 2023-05-25 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
2019-11-26
Added
2021-06-30
Modified
2023-05-25
Description
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
Solution(s)
centos-upgrade-rubycentos-upgrade-ruby-debuginfocentos-upgrade-ruby-debugsourcecentos-upgrade-ruby-develcentos-upgrade-ruby-doccentos-upgrade-ruby-irbcentos-upgrade-ruby-libscentos-upgrade-ruby-libs-debuginfocentos-upgrade-rubygem-abrtcentos-upgrade-rubygem-abrt-doccentos-upgrade-rubygem-bigdecimalcentos-upgrade-rubygem-bigdecimal-debuginfocentos-upgrade-rubygem-bsoncentos-upgrade-rubygem-bson-debuginfocentos-upgrade-rubygem-bson-debugsourcecentos-upgrade-rubygem-bson-doccentos-upgrade-rubygem-bundlercentos-upgrade-rubygem-bundler-doccentos-upgrade-rubygem-did_you_meancentos-upgrade-rubygem-io-consolecentos-upgrade-rubygem-io-console-debuginfocentos-upgrade-rubygem-irbcentos-upgrade-rubygem-jsoncentos-upgrade-rubygem-json-debuginfocentos-upgrade-rubygem-minitestcentos-upgrade-rubygem-mongocentos-upgrade-rubygem-mongo-doccentos-upgrade-rubygem-mysql2centos-upgrade-rubygem-mysql2-debuginfocentos-upgrade-rubygem-mysql2-debugsourcecentos-upgrade-rubygem-mysql2-doccentos-upgrade-rubygem-net-telnetcentos-upgrade-rubygem-opensslcentos-upgrade-rubygem-openssl-debuginfocentos-upgrade-rubygem-pgcentos-upgrade-rubygem-pg-debuginfocentos-upgrade-rubygem-pg-debugsourcecentos-upgrade-rubygem-pg-doccentos-upgrade-rubygem-power_assertcentos-upgrade-rubygem-psychcentos-upgrade-rubygem-psych-debuginfocentos-upgrade-rubygem-rakecentos-upgrade-rubygem-rdoccentos-upgrade-rubygem-test-unitcentos-upgrade-rubygem-xmlrpccentos-upgrade-rubygemscentos-upgrade-rubygems-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.