Lucene search

[email protected]NVD:CVE-2018-16396

HistoryNov 16, 2018 - 6:29 p.m.

CVE-2018-16396

2018-11-1618:29:01

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.009

Percentile

83.4%

JSON

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

Affected configurations

Nvd

Node

ruby-langrubyRange2.3.0–2.3.7

ruby-langrubyRange2.4.0–2.4.4

ruby-langrubyRange2.5.0–2.5.1

ruby-langrubyMatch2.6.0preview1

ruby-langrubyMatch2.6.0preview2

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch7.4

redhatenterprise_linuxMatch7.5

redhatenterprise_linuxMatch7.6

VendorProductVersionCPE
ruby-langruby*cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
ruby-langruby2.6.0cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*
ruby-langruby2.6.0cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.10cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruby-lang	ruby	*	cpe:2.3:a:ruby-lang:ruby::::::::
ruby-lang	ruby	2.6.0	cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1::::::
ruby-lang	ruby	2.6.0	cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2::::::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	18.10	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*