An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | ruby | 2019-08-23 03:41 | ALAS2-2019-1276 |
Amazon Linux 1 | ruby20 | 2020-08-10 23:07 | ALAS-2020-1416 |
Amazon Linux 1 | ruby23 | 2018-12-06 00:31 | ALAS-2018-1113 |
Amazon Linux 1 | ruby24 | 2018-12-06 00:31 | ALAS-2018-1113 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
NVD | CVSSv3 | 8.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |