Search criteria
5 vulnerabilities found for Ruby by Ruby
CVE-2015-1855 (GCVE-0-2015-1855)
Vulnerability from cvelistv5 – Published: 2019-11-29 20:46 – Updated: 2024-08-06 04:54
VLAI?
Summary
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "before 2.0.0 patchlevel 645"
},
{
"status": "affected",
"version": "2.1.x before 2.1.6"
},
{
"status": "affected",
"version": "and 2.2.x before 2.2.2"
}
]
}
],
"datePublic": "2015-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T20:46:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "before 2.0.0 patchlevel 645"
},
{
"version_value": "2.1.x before 2.1.6"
},
{
"version_value": "and 2.2.x before 2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.debian.org/security/2015/dsa-3247",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"name": "http://www.debian.org/security/2015/dsa-3245",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"name": "http://www.debian.org/security/2015/dsa-3246",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
"refsource": "MISC",
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"name": "https://puppetlabs.com/security/cve/cve-2015-1855",
"refsource": "MISC",
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"name": "https://bugs.ruby-lang.org/issues/9644",
"refsource": "MISC",
"url": "https://bugs.ruby-lang.org/issues/9644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1855",
"datePublished": "2019-11-29T20:46:48.000Z",
"dateReserved": "2015-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:54:16.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3624 (GCVE-0-2011-3624)
Vulnerability from cvelistv5 – Published: 2019-11-26 02:50 – Updated: 2024-08-06 23:37
VLAI?
Summary
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
Severity ?
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.ruby-lang.org/issues/5418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "1.9.2"
},
{
"status": "affected",
"version": "1.8.7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T21:51:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.ruby-lang.org/issues/5418"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3624",
"datePublished": "2019-11-26T02:50:40.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2336 (GCVE-0-2016-2336)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- type confusion
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "2.3.0 dev"
},
{
"status": "affected",
"version": "2.2.2"
}
]
}
],
"datePublic": "2016-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Type confusion exists in two methods of Ruby\u0027s WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "type confusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-06T20:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0029/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "2.3.0 dev"
},
{
"version_value": "2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type confusion exists in two methods of Ruby\u0027s WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "type confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0029/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0029/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2336",
"datePublished": "2017-01-06T21:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2339 (GCVE-0-2016-2339)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
Severity ?
No CVSS data available.
CWE
- heap overflow vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "91234",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91234"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0034/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "2.3.0 dev"
},
{
"status": "affected",
"version": "2.2.2"
}
]
}
],
"datePublic": "2016-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap overflow vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "91234",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91234"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0034/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "2.3.0 dev"
},
{
"version_value": "2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "91234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91234"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0034/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0034/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2339",
"datePublished": "2017-01-06T21:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2337 (GCVE-0-2016-2337)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- type confusion
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/"
},
{
"name": "91233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91233"
},
{
"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "2.3.0 dev"
},
{
"status": "affected",
"version": "2.2.2"
}
]
},
{
"product": "Tcl/Tk",
"vendor": "Tcl",
"versions": [
{
"status": "affected",
"version": "8.6 or later"
}
]
}
],
"datePublic": "2016-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Type confusion exists in _cancel_eval Ruby\u0027s TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "type confusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/"
},
{
"name": "91233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91233"
},
{
"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "2.3.0 dev"
},
{
"version_value": "2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
},
{
"product": {
"product_data": [
{
"product_name": "Tcl/Tk",
"version": {
"version_data": [
{
"version_value": "8.6 or later"
}
]
}
}
]
},
"vendor_name": "Tcl"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type confusion exists in _cancel_eval Ruby\u0027s TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "type confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0031/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/"
},
{
"name": "91233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91233"
},
{
"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"
},
{
"name": "GLSA-201710-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2337",
"datePublished": "2017-01-06T21:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:49.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}