VDB
DEBIAN-CVE-2024-27282
DEBIAN-CVE-2024-27282
PUBLISHED
CVSS 6.599999904632568 MEDIUM
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.
Risk Scores
CVSS 3.1
6.599999904632568
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | ruby3.1 | 0, 3.1.2-7, 0 |
| Debian:11 | ruby2.7 | 0, 2.7.4-1, 2.7.4-1+deb11u1 |
Timeline
- May 14, 2024 CVE Published
- Apr 28, 2026 CVE Updated