RHSA-2022:0581HighCVSS 8.8

Red Hat Security Advisory: ruby:2.6 security update

Published
February 21, 2022
Last Modified
June 27, 2026

🔗 CVE IDs covered (14)

📋 Description

CVE-2019-15845 — ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-16201 — ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication CVE-2019-16254 — ruby: HTTP response splitting in WEBrick CVE-2019-16255 — ruby: Code injection via command argument of Shell#test / Shell#[] CVE-2020-10663 — rubygem-json: Unsafe object creation vulnerability in JSON CVE-2020-10933 — ruby: BasicSocket#read_nonblock method leads to information disclosure CVE-2020-25613 — ruby: Potential HTTP request smuggling in WEBrick CVE-2020-36327 — rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2021-28965 — ruby: XML round-trip vulnerability in REXML CVE-2021-31799 — rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31810 — ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host CVE-2021-32066 — ruby: StartTLS stripping vulnerability in Net::IMAP CVE-2021-41817 — ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41819 — ruby: Cookie prefix spoofing in CGI::Cookie.parse

🔗 References (18)