Search CVE reports
71 – 71 of 71 results
Some fixes available 4 of 5
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different...
3 affected packages
ruby2.5, ruby1.9.1, ruby2.3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.5 | — | — | — | — | Fixed |
| ruby1.9.1 | — | — | — | — | Not in release |
| ruby2.3 | — | — | — | — | Not in release |