VYPR

rpm package

almalinux/rubygem-pg-doc

pkg:rpm/almalinux/rubygem-pg-doc

Vulnerabilities (44)

  • CVE-2019-16254Nov 26, 2019
    affected < 1.0.0-2.module_el8.5.0+2625+ec418553fixed 1.0.0-2.module_el8.5.0+2625+ec418553

    Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content t

  • CVE-2019-16201Nov 26, 2019
    affected < 1.0.0-2.module_el8.5.0+2625+ec418553fixed 1.0.0-2.module_el8.5.0+2625+ec418553

    WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.

  • CVE-2019-19012Nov 16, 2019
    affected < 1.0.0-3.module_el8.9.0+3635+c6f99506fixed 1.0.0-3.module_el8.9.0+3635+c6f99506

    An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a d

  • CVE-2019-8324Jun 17, 2019
    affected < 1.0.0-2.module_el8.5.0+2625+ec418553fixed 1.0.0-2.module_el8.5.0+2625+ec418553

    An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall c

Page 3 of 3