vulnerability
CentOS Linux: CVE-2019-16255: Moderate: ruby:2.5 security, bug fix, and enhancement update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | 2019-11-26 | 2021-06-30 | 2023-05-25 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
2019-11-26
Added
2021-06-30
Modified
2023-05-25
Description
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
Solution(s)
centos-upgrade-rubycentos-upgrade-ruby-debuginfocentos-upgrade-ruby-debugsourcecentos-upgrade-ruby-develcentos-upgrade-ruby-doccentos-upgrade-ruby-irbcentos-upgrade-ruby-libscentos-upgrade-ruby-libs-debuginfocentos-upgrade-rubygem-abrtcentos-upgrade-rubygem-abrt-doccentos-upgrade-rubygem-bigdecimalcentos-upgrade-rubygem-bigdecimal-debuginfocentos-upgrade-rubygem-bsoncentos-upgrade-rubygem-bson-debuginfocentos-upgrade-rubygem-bson-debugsourcecentos-upgrade-rubygem-bson-doccentos-upgrade-rubygem-bundlercentos-upgrade-rubygem-bundler-doccentos-upgrade-rubygem-did_you_meancentos-upgrade-rubygem-io-consolecentos-upgrade-rubygem-io-console-debuginfocentos-upgrade-rubygem-irbcentos-upgrade-rubygem-jsoncentos-upgrade-rubygem-json-debuginfocentos-upgrade-rubygem-minitestcentos-upgrade-rubygem-mongocentos-upgrade-rubygem-mongo-doccentos-upgrade-rubygem-mysql2centos-upgrade-rubygem-mysql2-debuginfocentos-upgrade-rubygem-mysql2-debugsourcecentos-upgrade-rubygem-mysql2-doccentos-upgrade-rubygem-net-telnetcentos-upgrade-rubygem-opensslcentos-upgrade-rubygem-openssl-debuginfocentos-upgrade-rubygem-pgcentos-upgrade-rubygem-pg-debuginfocentos-upgrade-rubygem-pg-debugsourcecentos-upgrade-rubygem-pg-doccentos-upgrade-rubygem-power_assertcentos-upgrade-rubygem-psychcentos-upgrade-rubygem-psych-debuginfocentos-upgrade-rubygem-rakecentos-upgrade-rubygem-rdoccentos-upgrade-rubygem-test-unitcentos-upgrade-rubygem-xmlrpccentos-upgrade-rubygemscentos-upgrade-rubygems-devel
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.