Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2019-8324: ELSA-2019-1972: ruby:2.5 security update (IMPORTANT) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Oracle Linux: CVE-2019-8324: ELSA-2019-1972: ruby:2.5 security update (IMPORTANT) (Multiple Advisories)

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

03/05/2019

Created

05/18/2019

Added

05/16/2019

Modified

07/22/2024

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Solution(s)

oracle-linux-upgrade-etworkmanager-glib-is-earlier-than-1-1-12-0-8
oracle-linux-upgrade-ruby
oracle-linux-upgrade-ruby-devel
oracle-linux-upgrade-ruby-doc
oracle-linux-upgrade-rubygem-abrt
oracle-linux-upgrade-rubygem-abrt-doc
oracle-linux-upgrade-rubygem-bigdecimal
oracle-linux-upgrade-rubygem-bson
oracle-linux-upgrade-rubygem-bson-doc
oracle-linux-upgrade-rubygem-bundler
oracle-linux-upgrade-rubygem-bundler-doc
oracle-linux-upgrade-rubygem-did-you-mean
oracle-linux-upgrade-rubygem-io-console
oracle-linux-upgrade-rubygem-json
oracle-linux-upgrade-rubygem-minitest
oracle-linux-upgrade-rubygem-mongo
oracle-linux-upgrade-rubygem-mongo-doc
oracle-linux-upgrade-rubygem-mysql2
oracle-linux-upgrade-rubygem-mysql2-doc
oracle-linux-upgrade-rubygem-net-telnet
oracle-linux-upgrade-rubygem-openssl
oracle-linux-upgrade-rubygem-pg
oracle-linux-upgrade-rubygem-pg-doc
oracle-linux-upgrade-rubygem-power-assert
oracle-linux-upgrade-rubygem-psych
oracle-linux-upgrade-rubygem-rake
oracle-linux-upgrade-rubygem-rdoc
oracle-linux-upgrade-rubygems
oracle-linux-upgrade-rubygems-devel
oracle-linux-upgrade-rubygem-test-unit
oracle-linux-upgrade-rubygem-xmlrpc
oracle-linux-upgrade-ruby-irb
oracle-linux-upgrade-ruby-libs
oracle-linux-upgrade-ruby-tcltk

References

https://attackerkb.com/topics/cve-2019-8324
CVE - 2019-8324
ELSA-2019-1972
ELSA-2019-1235

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2019-8324: ELSA-2019-1972: ruby:2.5 security update (IMPORTANT) (Multiple Advisories)

Oracle Linux: CVE-2019-8324: ELSA-2019-1972: ruby:2.5 security update (IMPORTANT) (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.