Ruby: Multiple Vulnerabilities (CVE-2017-17742, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780)
Ruby has multiple vulnerabilities:
- CVE-2017-17742: HTTP response splitting in WEBrick
- CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
- CVE-2018-8777: DoS by large request in WEBrick
- CVE-2018-8778: Buffer under-read in String#unpack
- CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
- CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
- Multiple vulnerabilities in RubyGems
Fixed In Version:
ruby 2.5.1, 2.4.4, 2.3.7, 2.2.10
(from redmine: issue id 8746, created on 2018-03-29, closed on 2018-04-03)
- Relations:
  - child #8747 (closed)
  - child #8748 (closed)
  - child #8749 (closed)
  - child #8750 (closed)