vulnerability
Oracle Linux: CVE-2018-1000079: ELSA-2019-2028: ruby security update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:L/AC:L/Au:N/C:N/I:C/A:N) | Feb 15, 2018 | Jul 21, 2020 | Nov 29, 2024 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:C/A:N)
Published
Feb 15, 2018
Added
Jul 21, 2020
Modified
Nov 29, 2024
Description
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.
Solution(s)
oracle-linux-upgrade-rubyoracle-linux-upgrade-ruby-develoracle-linux-upgrade-ruby-docoracle-linux-upgrade-rubygem-bigdecimaloracle-linux-upgrade-rubygem-io-consoleoracle-linux-upgrade-rubygem-jsonoracle-linux-upgrade-rubygem-minitestoracle-linux-upgrade-rubygem-psychoracle-linux-upgrade-rubygem-rakeoracle-linux-upgrade-rubygem-rdocoracle-linux-upgrade-rubygemsoracle-linux-upgrade-rubygems-develoracle-linux-upgrade-ruby-irboracle-linux-upgrade-ruby-libsoracle-linux-upgrade-ruby-tcltk

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.