RHSA-2021:2230MediumCVSS 8.1

Red Hat Security Advisory: rh-ruby26-ruby security, bug fix, and enhancement update

Published
June 3, 2021
Last Modified
June 27, 2026

🔗 CVE IDs covered (9)

📋 Description

CVE-2019-3881 — rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-15845 — ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-16201 — ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication CVE-2019-16254 — ruby: HTTP response splitting in WEBrick CVE-2019-16255 — ruby: Code injection via command argument of Shell#test / Shell#[] CVE-2020-10663 — rubygem-json: Unsafe object creation vulnerability in JSON CVE-2020-10933 — ruby: BasicSocket#read_nonblock method leads to information disclosure CVE-2020-25613 — ruby: Potential HTTP request smuggling in WEBrick CVE-2021-28965 — ruby: XML round-trip vulnerability in REXML

🔗 References (14)