Vulnerability CVE-2019-16254: Information
Description
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
---|---|---|---|---|---|---|
ruby | sisyphus | 2.3.1-alt1 | 3.1.4-alt4.3 | ALT-PU-2016-2061-1 | 169285 | Fixed |
ruby | sisyphus_riscv64 | 2.7.5-alt1 | 3.1.4-alt4.3 | ALT-PU-2022-3750-1 | - | Fixed |
ruby | p10 | 2.3.1-alt1 | 3.1.4-alt2.p10.1 | ALT-PU-2016-2061-1 | 169285 | Fixed |
ruby | p9 | 2.5.9-alt1 | 2.5.9-alt1 | ALT-PU-2020-3411-1 | 261867 | Fixed |
ruby | p8 | 2.3.1-alt1.M80P.1 | 2.5.1-alt0.M80P.1 | ALT-PU-2017-2097-1 | 187296 | Fixed |
ruby | c10f1 | 2.3.1-alt1 | 2.7.4-alt2.2.1 | ALT-PU-2016-2061-1 | 169285 | Fixed |
ruby | c9f2 | 2.5.9-alt1.c9f2 | 2.7.6-alt0.1.c9f2 | ALT-PU-2021-3068-1 | 287105 | Fixed |