RHSA-2021:2588MediumCVSS 8.1
Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update
🔗 CVE IDs covered (9)
📋 Description
CVE-2019-3881 — rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-15845 — ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-16201 — ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication CVE-2019-16254 — ruby: HTTP response splitting in WEBrick CVE-2019-16255 — ruby: Code injection via command argument of Shell#test / Shell#[] CVE-2020-10663 — rubygem-json: Unsafe object creation vulnerability in JSON CVE-2020-10933 — ruby: BasicSocket#read_nonblock method leads to information disclosure CVE-2020-25613 — ruby: Potential HTTP request smuggling in WEBrick CVE-2021-28965 — ruby: XML round-trip vulnerability in REXML
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2021:2588
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1651826
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1773728
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1789407
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1789556
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1793683
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1827500
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1833291
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1883623
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1947526
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1952627
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1954968
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2588.json