Количество 14
Количество 14
CVE-2019-16254
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
CVE-2019-16254
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
CVE-2019-16254
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
CVE-2019-16254
CVE-2019-16254
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...
GHSA-w9fp-2996-hhwx
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
BDU:2020-00866
Уязвимость библиотеки WEBrick интерпретатора языка программирования Ruby, позволяющая нарушителю осуществить межсайтовые сценарные атаки
openSUSE-SU-2020:0395-1
Recommended update for ruby2.5
SUSE-SU-2020:0737-1
Recommended update for ruby2.5
RLSA-2021:2587
Moderate: ruby:2.5 security, bug fix, and enhancement update
ELSA-2021-2587
ELSA-2021-2587: ruby:2.5 security, bug fix, and enhancement update (MODERATE)
RLSA-2021:2588
Moderate: ruby:2.6 security, bug fix, and enhancement update
ELSA-2021-2588
ELSA-2021-2588: ruby:2.6 security, bug fix, and enhancement update (MODERATE)
SUSE-SU-2020:1570-1
Security update for ruby2.1
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-16254 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | CVSS3: 5.3 | 1% Низкий | почти 6 лет назад |
 | CVE-2019-16254 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | CVSS3: 5.3 | 1% Низкий | почти 6 лет назад |
 | CVE-2019-16254 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | CVSS3: 5.3 | 1% Низкий | почти 6 лет назад |
 | CVSS3: 5.3 | 1% Низкий | почти 5 лет назад | |
| CVE-2019-16254 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ... | CVSS3: 5.3 | 1% Низкий | почти 6 лет назад |
| GHSA-w9fp-2996-hhwx Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | CVSS3: 5.3 | 1% Низкий | больше 3 лет назад |
 | BDU:2020-00866 Уязвимость библиотеки WEBrick интерпретатора языка программирования Ruby, позволяющая нарушителю осуществить межсайтовые сценарные атаки | CVSS3: 5.3 | 1% Низкий | около 6 лет назад |
 | openSUSE-SU-2020:0395-1 Recommended update for ruby2.5 | больше 5 лет назад | ||
| SUSE-SU-2020:0737-1 Recommended update for ruby2.5 | больше 5 лет назад | ||
 | RLSA-2021:2587 Moderate: ruby:2.5 security, bug fix, and enhancement update | около 4 лет назад | ||
| ELSA-2021-2587 ELSA-2021-2587: ruby:2.5 security, bug fix, and enhancement update (MODERATE) | около 4 лет назад | ||
| RLSA-2021:2588 Moderate: ruby:2.6 security, bug fix, and enhancement update | около 4 лет назад | ||
| ELSA-2021-2588 ELSA-2021-2588: ruby:2.6 security, bug fix, and enhancement update (MODERATE) | около 4 лет назад | ||
| SUSE-SU-2020:1570-1 Security update for ruby2.1 | больше 5 лет назад |
Уязвимостей на страницу