CVE-2019-16255 | Medium | Yes | Arbitrary code execution | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb... |
CVE-2019-16254 | Medium | Yes | Content spoofing | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to HTTP response splitting in WEBrick bundled with Ruby. If a program using... |
CVE-2019-16201 | Medium | Yes | Denial of service | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access... |
CVE-2019-15845 | Medium | Yes | Insufficient validation | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to NUL injection in built-in methods (File.fnmatch and File.fnmatch?). An... |