[3.7] ruby: Multiple vulnerabilities (CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325)ID: oval:org.secpod.oval:def:1801425 | Date: (C)2019-05-13 (M)2022-07-20 |
Class: PATCH | Family: unix |
CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in verbose CVE-2019-8322: Escape sequence injection vulnerability in gem owner CVE-2019-8323: Escape sequence injection vulnerability in API response handling CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8325: Escape sequence injection vulnerability in errors Affected Versions:¶ Ruby 2.4 series: 2.4.5 and earlier Ruby 2.5 series: 2.5.3 and earlier
Platform: |
Alpine Linux 3.7 |