VDB
ALPINE-CVE-2017-10784
ALPINE-CVE-2017-10784
PUBLISHED
CVSS 8.800000190734863 HIGH
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Risk Scores
CVSS v3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.16 | ruby | 2.0.0, 2.0.0, 2.0.0 |
| Alpine:v3.15 | ruby | 2.4.1-r5, 2.4.1-r5, 2.4.1-r4 |
| Alpine:v3.7 | ruby | 2.2.2-r0, 2.4.1-r3, 2.4.1-r4 |
| Alpine:v3.9 | ruby | 2.3.1-r2, 2.3.3-r0, 2.3.3-r2 |
| Alpine:v3.13 | ruby | 2.4.1-r4, 2.4.1-r4, 2.4.1-r3 |
| Alpine:v3.21 | ruby | 0, 0, 0 |
| Alpine:v3.19 | ruby | *, 1.8.7_p352-r1, 1.8.7_p358-r1 |
| Alpine:v3.3 | ruby | *, 1.8.7_p160-r2, 1.8.7_p160-r3 |
| Alpine:v3.4 | ruby | 0, 1.8.7_p160-r2, 1.8.7_p160-r3 |
| Alpine:v3.6 | ruby | 2.3.3-r1, *, 2.3.2-r0 |
| Alpine:v3.10 | ruby | 2.0.0_p0-r1, 0, 1.8.7_p174-r0 |
| Alpine:v3.23 | ruby | 0, 0, 0 |
| Alpine:v3.14 | ruby | 2.3.1-r0, 2.2.4-r0, 2.2.3-r1 |
| Alpine:v3.17 | ruby | 2.3.3-r2, 2.0.0_p247-r2, 2.0.0_p247-r3 |
| Alpine:v3.11 | ruby | 2.3.2-r0, 0, 1.8.7_p160-r2 |
| Alpine:v3.8 | ruby | 2.0.0, 2.0.0, 2.0.0 |
| Alpine:v3.5 | ruby | 2.2.3-r0, 2.2.4-r0, 2.3.1-r0 |
| Alpine:v3.12 | ruby | 2.4.1-r3, 2.0.0_p0-r1, 2.0.0_p195-r0 |
| Alpine:v3.18 | ruby | 1.9.3_p286-r0, 1.8.7_p72-r2, 1.8.7_p72-r1 |
| Alpine:v3.20 | ruby | 0, 0, 0 |
…and 1 more
Timeline
- Sep 19, 2017 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch