ruby:2.5 security update
Discription

ruby
[2.5.9-109.0.1]
– Rebuild with a dependency containing fix for Orabug: 33921593
[2.5.9-109]
– Properly fix command injection vulnerability in Rdoc.
Related: CVE-2021-31799
[2.5.9-108]
– Fix command injection vulnerability in RDoc.
Resolves: CVE-2021-31799
– Fix StartTLS stripping vulnerability in Net::IMAP
Resolves: CVE-2021-32066
– Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
Resolves: CVE-2021-31810Read More

5.8 Medium

CVSS2

  • Access Complexity
  • Access Vector
  • Authentication
  • Availability Impact
  • Confidentiality Impact
  • Integrity Impact
  • Medium
  • Network
  • None
  • None
  • Partial
  • Partial

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

  • Attack Complexity
  • Attack Vector
  • Availability Impact
  • Confidentiality Impact
  • Integrity Impact
  • Privileges Required
  • Scope
  • User Interaction
  • High
  • Network
  • None
  • High
  • High
  • None
  • Unchanged
  • None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Back to Main
Subscribe for the latest news: