Description
A type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker who passes an object of a different type than the one the developers assumed can cause arbitrary code execution.
Report
This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux or Red Hat Software Collections as they did not include support for OLE.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | rh-ruby22-ruby | Not affected | ||
| CloudForms Management Engine 5 | ruby-200-ruby | Not affected | ||
| Red Hat Enterprise Linux 5 | ruby | Not affected | ||
| Red Hat Enterprise Linux 6 | ruby | Not affected | ||
| Red Hat Enterprise Linux 7 | ruby | Not affected | ||
| Red Hat Software Collections | rh-ruby22-ruby | Not affected | ||
| Red Hat Software Collections | rh-ruby23-ruby | Not affected | ||
| Red Hat Software Collections | ruby200-ruby | Not affected | ||
Additional information
Status:
EPSS
8.1 High
CVSS3
Related vulnerabilities
A vulnerability in the ole_invoke and ole_query_interface methods of the WIN32OLE class of the Ruby interpreter that allows an attacker to execute arbitrary code