Vulnerability Manager Plus

ruby2.3 security update(DSA-4031-1) ruby2.3_2.3.3-1+deb9u2_i386.deb

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

4.623%

CVE Information

Source CVE
CVE-2017-0903

Associated CVE
CVE-2017-0903
CVE-2017-10784
CVE-2017-0898
CVE-2017-14033

Patch Details

No records found

References

http://blog.rubygems.org/2017/10/09/2.6.14-released.html
http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
http://www.securityfocus.com/bid/100853
http://www.securityfocus.com/bid/100862
http://www.securityfocus.com/bid/100868
http://www.securityfocus.com/bid/101275
http://www.securitytracker.com/id/1039363
https://access.redhat.com/errata/RHSA-2017:3485
https://access.redhat.com/errata/RHSA-2018:0378
https://github.com/mruby/mruby/issues/3722
https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
https://hackerone.com/reports/212241
https://hackerone.com/reports/274990
https://security.gentoo.org/glsa/201710-18
https://usn.ubuntu.com/3528-1/
https://usn.ubuntu.com/3553-1/
https://www.debian.org/security/2017/dsa-4031
https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/
https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/