RHSA-2020:2769HighCVSS 7.2
Red Hat Security Advisory: ruby security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2018-16396 — ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives CVE-2019-8321 — rubygems: Escape sequence injection vulnerability in verbose CVE-2019-8322 — rubygems: Escape sequence injection vulnerability in gem owner CVE-2019-8323 — rubygems: Escape sequence injection vulnerability in API response handling CVE-2019-8324 — rubygems: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8325 — rubygems: Escape sequence injection vulnerability in errors
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2020:2769
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1643089
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1692514
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1692516
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1692519
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1692520
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1692522
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2769.json