Описание
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
| Релиз | Статус | Примечание |
|---|---|---|
| esm-infra/xenial | not-affected | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| esm-infra/bionic | not-affected | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| esm-infra/focal | not-affected | 2.7.0-5ubuntu1.6 |
| focal | released | 2.7.0-5ubuntu1.6 |
| hirsute | released | 2.7.2-4ubuntu1.3 |
| impish | released | 2.7.4-1ubuntu3.1 |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.0.2-7ubuntu2 |
| jammy | released | 3.0.2-7ubuntu2 |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...
Уязвимость программного средства cgi gem, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код в целевой системе
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3