[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2018-0411":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":30,"duplicates":31,"related":32,"reserved_at":9,"published_at":41,"modified_at":42,"state":9,"summary":43,"references_raw":45,"kevs":94,"epss":9,"epss_history":95,"metrics":96,"affected":97},"MGASA-2018-0411","Updated ruby packages fix security vulnerability\n\nRuby before 2.2.10 allows an HTTP Response Splitting attack. An attacker\ncan inject a crafted key and value into an HTTP response for the HTTP\nserver of WEBrick (CVE-2017-17742).\n\nDirectory traversal vulnerability in the Dir.mktmpdir method in the tmpdir\nlibrary in Ruby before 2.2.10 might allow attackers to create arbitrary\ndirectories or files via a .. (dot dot) in the prefix argument\n(CVE-2018-6914).\n\nIn Ruby before 2.2.10, an attacker can pass a large HTTP request with a\ncrafted header to WEBrick server or a crafted body to WEBrick\nserver/handler and cause a denial of service (memory consumption)\n(CVE-2018-8777).\n\nIn Ruby before 2.2.10, an attacker controlling the unpacking format\n(similar to format string vulnerabilities) can trigger a buffer under-read\nin the String#unpack method, resulting in a massive and controlled\ninformation disclosure (CVE-2018-8778).\n\nIn Ruby before 2.2.10, the UNIXServer.open and UNIXSocket.open methods are\nnot checked for null characters. It may be connected to an unintended\nsocket (CVE-2018-8779).\n\nIn Ruby before 2.2.10, the Dir.open, Dir.new, Dir.entries and Dir.empty?\nmethods do not check NULL characters. 
When one of these methods is used,\nunintentional directory traversal may be performed (CVE-2018-8780).\n\nDue to a bug in the equality check of OpenSSL::X509::Name, if a malicious\nX.509 certificate is passed for comparison with an existing certificate, the\ntwo may be incorrectly judged to be equal\n(CVE-2018-16395).\n\nIn Array#pack and String#unpack with some formats, the tainted flags of\nthe original data are not propagated to the returned string/array\n(CVE-2018-16396).\n",null,[],[],[],[14,16,18,20,22,24,26,28],{"_key":15},"CVE-2017-17742",{"_key":17},"CVE-2018-16395",{"_key":19},"CVE-2018-16396",{"_key":21},"CVE-2018-6914",{"_key":23},"CVE-2018-8777",{"_key":25},"CVE-2018-8778",{"_key":27},"CVE-2018-8779",{"_key":29},"CVE-2018-8780",[],[],[33,34,35,36,37,38,39,40],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},"2018-10-26T18:47:14Z","2026-04-16T06:24:13.040782300Z",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[46,52,57,62,66,70,74,78,82,86,90],{"url":47,"sources":48,"tags":50},"https://advisories.mageia.org/MGASA-2018-0411.html",[49],"osv_mageia",[51],"Advisory",{"url":53,"sources":54,"tags":55},"https://bugs.mageia.org/show_bug.cgi?id=22844",[49],[56],"REPORT",{"url":58,"sources":59,"tags":60},"https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/",[49],[56,61],"WEB",{"url":63,"sources":64,"tags":65},"https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/",[49],[56,61],{"url":67,"sources":68,"tags":69},"https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/",[49],[56,61],{"url":71,"sources":72,"tags":73},"https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-877
8/",[49],[56,61],{"url":75,"sources":76,"tags":77},"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/",[49],[56,61],{"url":79,"sources":80,"tags":81},"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/",[49],[56,61],{"url":83,"sources":84,"tags":85},"https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/",[49],[56,61],{"url":87,"sources":88,"tags":89},"https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/",[49],[56,61],{"url":91,"sources":92,"tags":93},"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",[49],[56,61],[],[],[],[98],{"ecosystem":99,"name":100,"vendor":101,"product":100,"cpe_part":9,"purl_type":102,"purl_namespace":101,"purl_name":100,"source":9,"versions":103},"Mageia","ruby","mageia","rpm",[104],{"version":105,"is_range":106,"range_type":107,"version_start":9,"version_start_type":9,"version_end":108,"version_end_type":109,"fixed_in":9},"lt2_2_10_16_1_mga6",true,"ecosystem","2.2.10-16.1.mga6","excluding"]