Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-17790

Опубликовано: 20 дек. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1.9.3.484-2ubuntu1.7]]
precise/esm

DNE

trusty

released

1.9.3.484-2ubuntu1.7
trusty/esm

DNE

trusty was released [1.9.3.484-2ubuntu1.7]
upstream

needs-triage

xenial

DNE

zesty

DNE

Показывать по

РелизСтатусПримечание
artful

released

2.3.3-1ubuntu1.2
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/xenial

released

2.3.1-2~16.04.5
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

needs-triage

xenial

released

2.3.1-2~16.04.5

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

released

2.5.1-1
devel

released

2.5.1-1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

2.5.1-1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

needs-triage

xenial

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 92%
0.07899
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-17790

CVSS3: 8.1
redhat
почти 8 лет назад

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

nvd логотип

CVE-2017-17790

CVSS3: 9.8
nvd
почти 8 лет назад

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

debian логотип

CVE-2017-17790

CVSS3: 9.8
debian
почти 8 лет назад

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 us ...

github логотип

GHSA-47cm-jxff-w8wg

CVSS3: 9.8
github
больше 3 лет назад

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

fstec логотип

BDU:2019-04563

CVSS3: 9.8
fstec
почти 8 лет назад

Уязвимость функции lazy_initialize интерпретатора языка программирования Ruby, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 92%
0.07899
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3