Description
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
Report
Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. Red Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ruby | Will not fix | ||
| Red Hat Enterprise Linux 6 | ruby | Will not fix | ||
| Red Hat Enterprise Linux 8 | ruby | Not affected | ||
| Red Hat Subscription Asset Manager | ruby193 | Will not fix | ||
| Red Hat Virtualization 4 | ruby | Will not fix | ||
| Red Hat Enterprise Linux 7 | ruby | Fixed | RHSA-2019:2028 | 06.08.2019 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | ruby | Fixed | RHSA-2020:2769 | 30.06.2020 |
| Red Hat Enterprise Linux 7.4 Telco Extended Update Support | ruby | Fixed | RHSA-2020:2769 | 30.06.2020 |
| Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | ruby | Fixed | RHSA-2020:2769 | 30.06.2020 |
| Red Hat Enterprise Linux 7.6 Extended Update Support | ruby | Fixed | RHSA-2020:2839 | 07.07.2020 |
Additional information
Status:
5.9 Medium
CVSS3