Description
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-16396
- https://hackerone.com/reports/385070
- https://access.redhat.com/errata/RHSA-2018:3729
- https://access.redhat.com/errata/RHSA-2018:3730
- https://access.redhat.com/errata/RHSA-2018:3731
- https://access.redhat.com/errata/RHSA-2019:2028
- https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
- https://security.netapp.com/advisory/ntap-20190221-0002
- https://usn.ubuntu.com/3808-1
- https://www.debian.org/security/2018/dsa-4332
- https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released
- https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released
- https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- http://www.securitytracker.com/id/1042106