ruby2.5

Description: An object-oriented language for quick and easy programming (version 2.5)
Version: 2.5.7-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
| --- | --- | --- | --- | --- | --- |
| AVG-1040 | 2.5.6-1 | 2.5.7-1 | Medium | Fixed | FS#63977 |

| Issue | Group | Severity | Remote | Type | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-16255 | AVG-1040 | Medium | Yes | Arbitrary code execution | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb... |
| CVE-2019-16254 | AVG-1040 | Medium | Yes | Content spoofing | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to HTTP response splitting in WEBrick bundled with Ruby. If a program using... |
| CVE-2019-16201 | AVG-1040 | Medium | Yes | Denial of service | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access... |
| CVE-2019-15845 | AVG-1040 | Medium | Yes | Insufficient validation | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to NUL injection in built-in methods (File.fnmatch and File.fnmatch?). An... |
| CVE-2015-9251 | AVG-1040 | Medium | Yes | Cross-site scripting | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing... |
| CVE-2012-6708 | AVG-1040 | Medium | Yes | Cross-site scripting | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a... |

Advisories

| Date | Advisory | Group | Severity | Description |
| --- | --- | --- | --- | --- |
| 02 Oct 2019 | ASA-201910-5 | AVG-1040 | Medium | multiple issues |