Search CVE reports
51 – 52 of 52 results
CVE-2018-1000073
Low prioritySome fixes available 4 of 10
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory...
6 affected packages
jruby, ruby1.9.1, ruby2.0, ruby2.1, ruby2.3, ruby2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jruby | Not affected | — | Not affected | Needs evaluation | Needs evaluation |
| ruby1.9.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby2.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby2.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby2.3 | Not in release | Not in release | Not in release | Not in release | Fixed |
| ruby2.5 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2017-17790
Medium prioritySome fixes available 4 of 5
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different...
3 affected packages
ruby1.9.1, ruby2.3, ruby2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.9.1 | — | — | — | Not in release | Not in release |
| ruby2.3 | — | — | — | Not in release | Fixed |
| ruby2.5 | — | — | — | Fixed | Not in release |