ALAS-2018-978 ---- ruby22 ruby23 ruby24 subpackagesID: oval:org.secpod.oval:def:1600854 | Date: (C)2018-04-02 (M)2022-08-31 |
Class: PATCH | Family: unix |
Unsafe object deserialization through YAML formatted gem specifications:A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter
Platform: |
Amazon Linux AMI |
Product: |
ruby22 |
ruby23 |
ruby24 |
rubygems22 |
rubygems23 |
rubygems24 |
rubygem22 |
rubygem23 |
rubygem24 |