Описание
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | released | 1.5.6-9+deb8u2build0.14.04.1~esm2 |
| focal | ignored | end of standard support, was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 2.3.1-2~ubuntu16.04.14 |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.5.1-1ubuntu1.6 |
| devel | DNE | |
| disco | released | 2.5.5-1ubuntu1.1 |
| eoan | released | 2.5.5-4ubuntu2.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 2.5.1-1ubuntu1.6 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3