doc/user/security.md
2 additions & 0 deletions
@@ -41,6 +41,8 @@ CVE-2019-16255 | A code injection vulnerability of Shell#[] and Shell#test | [Fi
41
41
CVE-2019-16254 | HTTP response splitting in WEBrick (Additional fix) | [Fix](https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc) | MRI test | Same
42
42
CVE-2019-15845 | A NUL injection vulnerability of File.fnmatch and File.fnmatch? | [Fix](https://github.com/ruby/ruby/commit/a0a2640b398cffd351f87d3f6243103add66575b) | MRI test | Check for NUL bytes
43
43
CVE-2019-16201 | Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication | [Fix](https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03) | MRI test | Same
44
+
CVE-2012-6708 | Multiple jQuery vulnerabilities in RDoc | Remove jquery.js | N/A | Same
45
+
CVE-2015-9251 | Multiple jQuery vulnerabilities in RDoc | Remove jquery.js | N/A | Same
44
46
CVE-2019-8320 | Delete directory using symlink when decompressing `tar` | Check the expanded path | Tested in MRI `test/rubygems/test_gem_package.rb` | Applied the same patch
45
47
CVE-2019-8321 | Escape sequence injection in `verbose` | Sanitise message | Tested in `ruby/spec``:security` | Applied the same patch
46
48
CVE-2019-8322 | Escape sequence injection in `gem owner` | Sanitise message | Tested in `ruby/spec``:security` | Applied the same patch
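Review bot: In the two added rows (CVE-2012-6708 and CVE-2015-9251), the third column says only "Remove jquery.js" with no link, while the three rows directly above link the upstream ruby/ruby commit as `[Fix](...)`; please link the commit that removed jquery.js so the remediation can be traced. The fourth column is N/A on both rows, so nothing shown here guards against jquery.js being bundled with RDoc again; consider noting how its absence is checked. Both rows also carry the identical description "Multiple jQuery vulnerabilities in RDoc", which gives no indication of what each CVE covers.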