Vulnetix
Try Vulnetix Request Demo
BIT-ruby-2024-27282 PUBLISHED CVSS 6.599999904632568 MEDIUM

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

Risk Scores

CVSS v3.1
6.599999904632568
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Affected Products

VendorProductVersions
Bitnamiruby0, 3.2.0, 3.3.0

Timeline

References

Open in Interactive Console →