MGASA-2019-0408

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255

Published: 25 Dec 2019, 19:08

Last modified:16 Apr 2026, 04:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Dec 2019, 19:08

Published

Vulnerability first disclosed

16 Apr 2026, 04:26

Last Modified

Vulnerability information updated

Description

Updated ruby packages fix security vulnerabilities Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access (CVE-2019-15845). It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service (CVE-2019-16201). It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-16254). It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code (CVE-2019-16255).

Affected Systems

mageia•ruby
< 2.5.7-20.mga7

MGASA-2019-0408

Vulnerability Summary

Timeline

Description

Affected Systems

References (8)