Ruby Updates
Warning Date: 25 November, 2021
Severity Level: ● High
Warning Number: 2021-3934
Target Sector: All
Description:
Ruby has released security updates to address several vulnerabilities in the following products:
- Ruby 2.6.8 or prior (you cannot use gem update cgi for this version)
- cgi gem 0.1.0 or prior (the versions bundled with the Ruby 2.7 series prior to Ruby 2.7.5)
- cgi gem 0.2.0 or prior (the versions bundled with the Ruby 3.0 series prior to Ruby 3.0.3)
- cgi gem 0.3.0 or prior
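To check a host against the ranges listed above, the following Ruby script can be used. It is an added example, not part of the advisory or of Ruby's own tooling; the function names and the per-release-line reading of the list are assumptions.

```ruby
# Added example: thresholds are the version ranges listed in this advisory.
RUBY_NO_GEM_FIX = Gem::Version.new("2.6.8") # "ruby 2.6.8 or prior"
CGI_AFFECTED_MAX = {                        # cgi release line => last affected version
  "0.1" => Gem::Version.new("0.1.0"),       # bundled with Ruby 2.7 before 2.7.5
  "0.2" => Gem::Version.new("0.2.0"),       # bundled with Ruby 3.0 before 3.0.3
  "0.3" => Gem::Version.new("0.3.0"),
}.freeze

# Assumption: each "X or prior" entry is read against its own cgi release
# line, so a later patch release on the 0.1 or 0.2 line is not caught by
# "0.3.0 or prior".
def cgi_affected?(cgi_version)
  v = Gem::Version.new(cgi_version)
  return true if v < CGI_AFFECTED_MAX["0.1"] # older than every listed line
  limit = CGI_AFFECTED_MAX[v.segments.first(2).join(".")]
  !limit.nil? && v <= limit
end

# Returns :upgrade_ruby, :update_cgi_gem, :not_listed or :unknown.
def advisory_status(ruby_version, cgi_version)
  # For Ruby 2.6.8 or prior the advisory says `gem update cgi` cannot be used.
  return :upgrade_ruby if Gem::Version.new(ruby_version) <= RUBY_NO_GEM_FIX
  return :unknown if cgi_version.nil?
  cgi_affected?(cgi_version) ? :update_cgi_gem : :not_listed
end

# Highest cgi version RubyGems can see (default or installed), nil if none.
# Assumption: no Bundler lockfile pins an older copy than this one.
def installed_cgi_version
  Gem::Specification.find_all_by_name("cgi").map(&:version).max&.to_s
end

if __FILE__ == $PROGRAM_NAME
  cgi = installed_cgi_version
  puts "ruby #{RUBY_VERSION}, cgi #{cgi.inspect}: #{advisory_status(RUBY_VERSION, cgi)}"
end
```

Run it with each Ruby interpreter deployed on the host, since every installation carries its own bundled cgi gem.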
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Buffer overflow
- Bypass of a protection mechanism
Best practice and Recommendations:
The CERT team encourages users to review the Ruby security advisory and apply the necessary updates: