Threat Encyclopedia



This indicates a detection of a Command Injection vulnerability in Ruby.
The vulnerability is due to an error in the application when handling a crafted request. It may allow remote attackers to execute arbitrary code on vulnerable systems.

Affected Products

Ruby 2.2 series: 2.2.8 and earlier
Ruby 2.3 series: 2.3.5 and earlier
Ruby 2.4 series: 2.4.2 and earlier
Ruby 2.5 series: 2.5.0-preview1
prior to trunk revision r61242


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References