EPSS Percentile: 83.4%
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
bugzilla.redhat.com/show_bug.cgi?id=1643089
www.cve.org/CVERecord?id=CVE-2018-16396
https://nvd.nist.gov/vuln/detail/CVE-2018-16396
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/