CVE-2019-15845
Advisory lineage Upstream: 0 Downstream: 16
Modified
Published: 26 Nov 2019, 16:45
Last modified: 05 Aug 2024, 01:03
Vulnerability Summary
Overall Risk (default): medium, 26/100
CVSS Score: 6.5 MEDIUM, v3.1 (nvd)
EPSS Score: 0.32% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
- 26 Nov 2019, 16:45: Published (vulnerability first disclosed)
- 05 Aug 2024, 01:03: Last Modified (vulnerability information updated)
Description
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
CVSS Metrics
- v3.1 • MEDIUM • Score: 6.5 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- v2.0 • MEDIUM • Score: 6.4 • AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS Trends
Current EPSS score: 0.32% • Percentile: 55%
Affected Systems
- canonical • ubuntu_linux: 16.04 | 18.04 | 19.04 | 19.10
- ruby-lang • ruby: ≥ 2.4.0, ≤ 2.4.7 | ≥ 2.5.0, ≤ 2.5.6 | ≥ 2.6.0, ≤ 2.6.4
References (9)
- https://hackerone.com/reports/449617
- https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html
- https://usn.ubuntu.com/4201-1/
- https://seclists.org/bugtraq/2019/Dec/31
- https://seclists.org/bugtraq/2019/Dec/32
- https://www.debian.org/security/2019/dsa-4587
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://security.gentoo.org/glsa/202003-06
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html