Explore top 10 tips to secure your open-source projects now. Read More
×
Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to
an HTTP response splitting vulnerability. It was possible for an attacker
to inject fake HTTP responses if a script accepted an external input and
output it without modifications.
CVE-2018-6914
ooooooo_q discovered a directory traversal vulnerability in the
Dir.mktmpdir method in the tmpdir library. It made it possible for
attackers to create arbitrary directories or files via a .. (dot dot) in
the prefix argument.
CVE-2018-8777
Eric Wong reported an out-of-memory DoS vulnerability related to a large
request in WEBrick bundled with Ruby.
CVE-2018-8778
aerodudrizzt found a buffer under-read vulnerability in the Ruby
String#unpack method. If a big number was passed with the specifier @,
the number was treated as a negative value, and an out-of-buffer read
occurred. Attackers could read data on heaps if an script accepts an
external input as the argument of String#unpack.
Get the latest Linux and open source security news straight to your inbox.