ruby

Description: An object-oriented language for quick and easy programming
Version: 2.6.5-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1039 | 2.6.4-1 | 2.6.5-1 | Medium | Fixed | FS#63977 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-16255 | AVG-1039 | Medium | Yes | Arbitrary code execution | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb... |
| CVE-2019-16254 | AVG-1039 | Medium | Yes | Content spoofing | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to HTTP response splitting in WEBrick bundled with Ruby. If a program using... |
| CVE-2019-16201 | AVG-1039 | Medium | Yes | Denial of service | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access... |
| CVE-2019-15845 | AVG-1039 | Medium | Yes | Insufficient validation | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to NUL injection in built-in methods (File.fnmatch and File.fnmatch?). An... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 02 Oct 2019 | ASA-201910-2 | AVG-1039 | Medium | multiple issues |