VDB

RHSA-2026%3A18039

RHSA-2026%3A18039 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source code, which were not properly guarded against deserialization attacks.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatrubygem-bundler-0:2.2.33-166.el9_7.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)2.2.33-166.el9
Red Hatrubygem-json-debuginfo-0:2.5.1-166.el9_7.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)2.5.1-166.el9
Red Hatruby-debugsource-0:3.0.7-166.el9_7.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)3.0.7-166.el9
Red Hatrubygem-io-console-debuginfo-0:0.5.7-166.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)0.5.7-166.el9
Red Hatrubygem-psych-debuginfo-0:3.3.2-166.el9_7.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)3.3.2-166.el9
Red Hatrubygem-bundler-0:2.2.33-166.el9_7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)2.2.33-166.el9
Red Hatrubygems-0:3.2.33-166.el9_7.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)3.2.33-166.el9
Red Hatruby-libs-0:3.0.7-166.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)3.0.7-166.el9
Red Hatrubygem-json-debuginfo-0:2.5.1-166.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)2.5.1-166.el9
Red Hatrubygem-json-0:2.5.1-166.el9_7.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)2.5.1-166.el9
Red Hatrubygem-rss-0:0.2.9-166.el9_7.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)0.2.9-166.el9
Red Hatruby-debuginfo-0:3.0.7-166.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)3.0.7-166.el9
Red Hatruby-debugsource-0:3.0.7-166.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)3.0.7-166.el9
Red Hatrubygem-bigdecimal-0:3.0.0-166.el9_7.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)3.0.0-166.el9
Red Hatrubygem-psych-debuginfo-0:3.3.2-166.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)3.3.2-166.el9
Red Hatruby-debuginfo-0:3.0.7-166.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)3.0.7-166.el9
Red Hatruby-debuginfo-0:3.0.7-166.el9_7.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)3.0.7-166.el9
Red Hatrubygem-bigdecimal-debuginfo-0:3.0.0-166.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)3.0.0-166.el9
Red Hatrubygem-rake-0:13.0.3-166.el9_7.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)13.0.3-166.el9
Red Hatrubygem-io-console-debuginfo-0:0.5.7-166.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)0.5.7-166.el9

…and 144 more

Timeline

  • May 18, 2026 CVE Published
  • May 18, 2026 CVE Updated
  • May 18, 2026 Distribution Patch
  • May 18, 2026 Distribution Patch
  • May 18, 2026 Security Advisory
  • May 18, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›