Command Injection

2019-05-1602:49:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.028 Low

EPSS

Percentile

90.7%

JSON

Ruby is vulnerable to command injection attacks. This is because lazy_initialize function in lib/resolv.rb do not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.

CPENameOperatorVersion
rh-ruby22-rubyeq2.2.2__11.el6
rh-ruby22-rubyeq2.2.2__15.el6
rh-ruby22-rubyeq2.2.2__16.el6
rh-ruby22-rubyeq2.2.2__16.el7
rh-ruby22-rubyeq2.2.2__12.el6
rh-ruby24-rubyeq2.4.0__75.el7
rh-ruby24-rubyeq2.4.2__86.el6
rh-ruby24-rubyeq2.4.0__75.el6
rh-ruby23-rubyeq2.3.1__64.el7
rh-ruby23-rubyeq2.3.1__64.el6

Name	Operator	Version
rh-ruby22-ruby	eq	2.2.2__11.el6
rh-ruby22-ruby	eq	2.2.2__15.el6
rh-ruby22-ruby	eq	2.2.2__16.el6
rh-ruby22-ruby	eq	2.2.2__16.el7
rh-ruby22-ruby	eq	2.2.2__12.el6
rh-ruby24-ruby	eq	2.4.0__75.el7
rh-ruby24-ruby	eq	2.4.2__86.el6
rh-ruby24-ruby	eq	2.4.0__75.el6
rh-ruby23-ruby	eq	2.3.1__64.el7
rh-ruby23-ruby	eq	2.3.1__64.el6