vulnerability

Gentoo Linux: CVE-2019-16255: Ruby: Multiple vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Nov 26, 2019

Added

Mar 16, 2020

Modified

Mar 31, 2026

Description

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

Solution

gentoo-linux-upgrade-dev-lang-ruby

References

CVE-2019-16255
https://attackerkb.com/topics/CVE-2019-16255
CWE-94
EUVD-EUVD-2019-7061
GENTOO-202003-06
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-7061

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report