mruby

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An interpreter for the Ruby programming language with the intention of being lightweight and easily embeddable
Version 3.0.0-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2644 3.0.0-1 Low Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-4110 AVG-2644 Low No Denial of service
mruby is vulnerable to a NULL pointer dereference.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2116 2.1.2-1 3.0.0-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2020-36401 AVG-2116 Medium Yes Arbitrary code execution
mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).

Advisories

Date Advisory Group Severity Type
01 Jul 2021 ASA-202107-10 AVG-2116 Medium arbitrary code execution