vulnerability
Oracle Linux: CVE-2018-8780: ELSA-2019-2028: ruby security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | 2018-03-28 | 2020-07-21 | 2024-11-29 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
2018-03-28
Added
2020-07-21
Modified
2024-11-29
Description
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.
It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.
Solution(s)
oracle-linux-upgrade-rubyoracle-linux-upgrade-ruby-develoracle-linux-upgrade-ruby-docoracle-linux-upgrade-rubygem-bigdecimaloracle-linux-upgrade-rubygem-io-consoleoracle-linux-upgrade-rubygem-jsonoracle-linux-upgrade-rubygem-minitestoracle-linux-upgrade-rubygem-psychoracle-linux-upgrade-rubygem-rakeoracle-linux-upgrade-rubygem-rdocoracle-linux-upgrade-rubygemsoracle-linux-upgrade-rubygems-develoracle-linux-upgrade-ruby-irboracle-linux-upgrade-ruby-libsoracle-linux-upgrade-ruby-tcltk
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.