Описание
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.9.3.484-2ubuntu1.11]] |
| precise/esm | DNE | |
| trusty | released | 1.9.3.484-2ubuntu1.11 |
| trusty/esm | DNE | trusty was released [1.9.3.484-2ubuntu1.11] |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.0.0.484-1ubuntu2.9]] |
| precise/esm | DNE | |
| trusty | released | 2.0.0.484-1ubuntu2.9 |
| trusty/esm | DNE | trusty was released [2.0.0.484-1ubuntu2.9] |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 2.3.3-1ubuntu1.5 |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | released | 2.3.1-2~16.04.9 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| xenial | released | 2.3.1-2~16.04.9 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | released | 2.5.1-1 |
| devel | released | 2.5.1-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 2.5.1-1 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
Уязвимость методов UNIXServer.open и UNIXSocket.open интерпретатора языка программирования Ruby, позволяющая нарушителю обойти ограничения безопасности
EPSS
5 Medium
CVSS2
7.5 High
CVSS3