VYPR

rpm package

almalinux/rubygem-mysql2

pkg:rpm/almalinux/rubygem-mysql2

Vulnerabilities (44)

  • CVE-2019-16254Nov 26, 2019
    affected < 0.4.10-4.module_el8.5.0+259+8cec6917fixed 0.4.10-4.module_el8.5.0+259+8cec6917

    Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content t

  • CVE-2019-16201Nov 26, 2019
    affected < 0.4.10-4.module_el8.5.0+259+8cec6917fixed 0.4.10-4.module_el8.5.0+259+8cec6917

    WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.

  • CVE-2019-19012Nov 16, 2019
    affected < 0.4.10-4.module_el8.5.0+259+8cec6917fixed 0.4.10-4.module_el8.5.0+259+8cec6917

    An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a d

  • CVE-2019-8324Jun 17, 2019
    affected < 0.4.10-4.module_el8.5.0+259+8cec6917fixed 0.4.10-4.module_el8.5.0+259+8cec6917

    An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall c

Page 3 of 3