Risk | High |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2012-6708 CVE-2015-9251 CVE-2017-17742 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-10663 |
CWE-ID | CWE-79 CWE-113 CWE-20 CWE-94 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU18263
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2012-6708
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the jQuery(strInput) function that does not differentiate selectors from HTML. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
rubygem24-psych-2.2.2-2.12.amzn1.i686
ruby24-libs-2.4.10-2.12.amzn1.i686
rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686
ruby24-devel-2.4.10-2.12.amzn1.i686
ruby24-debuginfo-2.4.10-2.12.amzn1.i686
rubygem24-io-console-0.4.6-2.12.amzn1.i686
ruby24-2.4.10-2.12.amzn1.i686
rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686
rubygem24-net-telnet-0.1.1-2.12.amzn1.i686
rubygem24-json-2.0.4-2.12.amzn1.i686
noarch:
rubygems24-2.6.14.4-2.12.amzn1.noarch
rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch
rubygems24-devel-2.6.14.4-2.12.amzn1.noarch
rubygem24-power_assert-0.4.1-2.12.amzn1.noarch
rubygem24-rdoc-5.0.1-2.12.amzn1.noarch
rubygem24-minitest5-5.10.1-2.12.amzn1.noarch
ruby24-irb-2.4.10-2.12.amzn1.noarch
ruby24-doc-2.4.10-2.12.amzn1.noarch
rubygem24-test-unit-3.2.3-2.12.amzn1.noarch
src:
ruby24-2.4.10-2.12.amzn1.src
x86_64:
ruby24-2.4.10-2.12.amzn1.x86_64
rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64
rubygem24-json-2.0.4-2.12.amzn1.x86_64
ruby24-devel-2.4.10-2.12.amzn1.x86_64
ruby24-libs-2.4.10-2.12.amzn1.x86_64
rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64
rubygem24-psych-2.2.2-2.12.amzn1.x86_64
rubygem24-io-console-0.4.6-2.12.amzn1.x86_64
rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2020-1422.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU14150
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-9251
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when a cross-domain Ajax request is performed without the dataType option. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary text/javascript responses in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
rubygem24-psych-2.2.2-2.12.amzn1.i686
ruby24-libs-2.4.10-2.12.amzn1.i686
rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686
ruby24-devel-2.4.10-2.12.amzn1.i686
ruby24-debuginfo-2.4.10-2.12.amzn1.i686
rubygem24-io-console-0.4.6-2.12.amzn1.i686
ruby24-2.4.10-2.12.amzn1.i686
rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686
rubygem24-net-telnet-0.1.1-2.12.amzn1.i686
rubygem24-json-2.0.4-2.12.amzn1.i686
noarch:
rubygems24-2.6.14.4-2.12.amzn1.noarch
rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch
rubygems24-devel-2.6.14.4-2.12.amzn1.noarch
rubygem24-power_assert-0.4.1-2.12.amzn1.noarch
rubygem24-rdoc-5.0.1-2.12.amzn1.noarch
rubygem24-minitest5-5.10.1-2.12.amzn1.noarch
ruby24-irb-2.4.10-2.12.amzn1.noarch
ruby24-doc-2.4.10-2.12.amzn1.noarch
rubygem24-test-unit-3.2.3-2.12.amzn1.noarch
src:
ruby24-2.4.10-2.12.amzn1.src
x86_64:
ruby24-2.4.10-2.12.amzn1.x86_64
rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64
rubygem24-json-2.0.4-2.12.amzn1.x86_64
ruby24-devel-2.4.10-2.12.amzn1.x86_64
ruby24-libs-2.4.10-2.12.amzn1.x86_64
rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64
rubygem24-psych-2.2.2-2.12.amzn1.x86_64
rubygem24-io-console-0.4.6-2.12.amzn1.x86_64
rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2020-1422.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11537
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-17742
CWE-ID:
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP response splitting attack.
The weakness exists due to improper handling of HTTP requests. If a script accepts an external input and outputs it without modification as a part of HTTP responses, a remote attacker can use newline characters to trick the victim that the HTTP response header is stopped at there and inject fake HTTP responses after the newline characters to show malicious contents to the victim.
Update the affected packages:
i686:Vulnerable software versions
rubygem24-psych-2.2.2-2.12.amzn1.i686
ruby24-libs-2.4.10-2.12.amzn1.i686
rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686
ruby24-devel-2.4.10-2.12.amzn1.i686
ruby24-debuginfo-2.4.10-2.12.amzn1.i686
rubygem24-io-console-0.4.6-2.12.amzn1.i686
ruby24-2.4.10-2.12.amzn1.i686
rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686
rubygem24-net-telnet-0.1.1-2.12.amzn1.i686
rubygem24-json-2.0.4-2.12.amzn1.i686
noarch:
rubygems24-2.6.14.4-2.12.amzn1.noarch
rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch
rubygems24-devel-2.6.14.4-2.12.amzn1.noarch
rubygem24-power_assert-0.4.1-2.12.amzn1.noarch
rubygem24-rdoc-5.0.1-2.12.amzn1.noarch
rubygem24-minitest5-5.10.1-2.12.amzn1.noarch
ruby24-irb-2.4.10-2.12.amzn1.noarch
ruby24-doc-2.4.10-2.12.amzn1.noarch
rubygem24-test-unit-3.2.3-2.12.amzn1.noarch
src:
ruby24-2.4.10-2.12.amzn1.src
x86_64:
ruby24-2.4.10-2.12.amzn1.x86_64
rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64
rubygem24-json-2.0.4-2.12.amzn1.x86_64
ruby24-devel-2.4.10-2.12.amzn1.x86_64
ruby24-libs-2.4.10-2.12.amzn1.x86_64
rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64
rubygem24-psych-2.2.2-2.12.amzn1.x86_64
rubygem24-io-console-0.4.6-2.12.amzn1.x86_64
rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2020-1422.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23006
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-15845
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists in Ruby due to insufficient validation of user-supplied files within File.fnmatch and File.fnmatch? functions when processing NUL byte in the filename. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the system.
Update the affected packages:
i686:Vulnerable software versions
rubygem24-psych-2.2.2-2.12.amzn1.i686
ruby24-libs-2.4.10-2.12.amzn1.i686
rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686
ruby24-devel-2.4.10-2.12.amzn1.i686
ruby24-debuginfo-2.4.10-2.12.amzn1.i686
rubygem24-io-console-0.4.6-2.12.amzn1.i686
ruby24-2.4.10-2.12.amzn1.i686
rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686
rubygem24-net-telnet-0.1.1-2.12.amzn1.i686
rubygem24-json-2.0.4-2.12.amzn1.i686
noarch:
rubygems24-2.6.14.4-2.12.amzn1.noarch
rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch
rubygems24-devel-2.6.14.4-2.12.amzn1.noarch
rubygem24-power_assert-0.4.1-2.12.amzn1.noarch
rubygem24-rdoc-5.0.1-2.12.amzn1.noarch
rubygem24-minitest5-5.10.1-2.12.amzn1.noarch
ruby24-irb-2.4.10-2.12.amzn1.noarch
ruby24-doc-2.4.10-2.12.amzn1.noarch
rubygem24-test-unit-3.2.3-2.12.amzn1.noarch
src:
ruby24-2.4.10-2.12.amzn1.src
x86_64:
ruby24-2.4.10-2.12.amzn1.x86_64
rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64
rubygem24-json-2.0.4-2.12.amzn1.x86_64
ruby24-devel-2.4.10-2.12.amzn1.x86_64
ruby24-libs-2.4.10-2.12.amzn1.x86_64
rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64
rubygem24-psych-2.2.2-2.12.amzn1.x86_64
rubygem24-io-console-0.4.6-2.12.amzn1.x86_64
rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2020-1422.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23007
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-16201
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the WEBrick::HTTPAuth::DigestAuth in Ruby due to a regular expression issue. A remote attacker can send a specially crafted request to the application and perform a denial of service attack.
Update the affected packages:
i686:Vulnerable software versions
rubygem24-psych-2.2.2-2.12.amzn1.i686
ruby24-libs-2.4.10-2.12.amzn1.i686
rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686
ruby24-devel-2.4.10-2.12.amzn1.i686
ruby24-debuginfo-2.4.10-2.12.amzn1.i686
rubygem24-io-console-0.4.6-2.12.amzn1.i686
ruby24-2.4.10-2.12.amzn1.i686
rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686
rubygem24-net-telnet-0.1.1-2.12.amzn1.i686
rubygem24-json-2.0.4-2.12.amzn1.i686
noarch:
rubygems24-2.6.14.4-2.12.amzn1.noarch
rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch
rubygems24-devel-2.6.14.4-2.12.amzn1.noarch
rubygem24-power_assert-0.4.1-2.12.amzn1.noarch
rubygem24-rdoc-5.0.1-2.12.amzn1.noarch
rubygem24-minitest5-5.10.1-2.12.amzn1.noarch
ruby24-irb-2.4.10-2.12.amzn1.noarch
ruby24-doc-2.4.10-2.12.amzn1.noarch
rubygem24-test-unit-3.2.3-2.12.amzn1.noarch
src:
ruby24-2.4.10-2.12.amzn1.src
x86_64:
ruby24-2.4.10-2.12.amzn1.x86_64
rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64
rubygem24-json-2.0.4-2.12.amzn1.x86_64
ruby24-devel-2.4.10-2.12.amzn1.x86_64
ruby24-libs-2.4.10-2.12.amzn1.x86_64
rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64
rubygem24-psych-2.2.2-2.12.amzn1.x86_64
rubygem24-io-console-0.4.6-2.12.amzn1.x86_64
rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2020-1422.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23008
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-16254
CWE-ID:
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP response splitting attack.
The vulnerability exists due to insufficient validation of CRLF sequences within the WEBrick in Ruby. A remote attacker can send a specially crafted request to the application and perform a spoofing attack.
Update the affected packages:
i686:Vulnerable software versions
rubygem24-psych-2.2.2-2.12.amzn1.i686
ruby24-libs-2.4.10-2.12.amzn1.i686
rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686
ruby24-devel-2.4.10-2.12.amzn1.i686
ruby24-debuginfo-2.4.10-2.12.amzn1.i686
rubygem24-io-console-0.4.6-2.12.amzn1.i686
ruby24-2.4.10-2.12.amzn1.i686
rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686
rubygem24-net-telnet-0.1.1-2.12.amzn1.i686
rubygem24-json-2.0.4-2.12.amzn1.i686
noarch:
rubygems24-2.6.14.4-2.12.amzn1.noarch
rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch
rubygems24-devel-2.6.14.4-2.12.amzn1.noarch
rubygem24-power_assert-0.4.1-2.12.amzn1.noarch
rubygem24-rdoc-5.0.1-2.12.amzn1.noarch
rubygem24-minitest5-5.10.1-2.12.amzn1.noarch
ruby24-irb-2.4.10-2.12.amzn1.noarch
ruby24-doc-2.4.10-2.12.amzn1.noarch
rubygem24-test-unit-3.2.3-2.12.amzn1.noarch
src:
ruby24-2.4.10-2.12.amzn1.src
x86_64:
ruby24-2.4.10-2.12.amzn1.x86_64
rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64
rubygem24-json-2.0.4-2.12.amzn1.x86_64
ruby24-devel-2.4.10-2.12.amzn1.x86_64
ruby24-libs-2.4.10-2.12.amzn1.x86_64
rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64
rubygem24-psych-2.2.2-2.12.amzn1.x86_64
rubygem24-io-console-0.4.6-2.12.amzn1.x86_64
rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2020-1422.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23009
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-16255
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in lib/shell.rb in Ruby when processing Shell#[] and its alias Shell#test. A remote attacker can send a specially crafted request and execute arbitrary Ruby code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
rubygem24-psych-2.2.2-2.12.amzn1.i686
ruby24-libs-2.4.10-2.12.amzn1.i686
rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686
ruby24-devel-2.4.10-2.12.amzn1.i686
ruby24-debuginfo-2.4.10-2.12.amzn1.i686
rubygem24-io-console-0.4.6-2.12.amzn1.i686
ruby24-2.4.10-2.12.amzn1.i686
rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686
rubygem24-net-telnet-0.1.1-2.12.amzn1.i686
rubygem24-json-2.0.4-2.12.amzn1.i686
noarch:
rubygems24-2.6.14.4-2.12.amzn1.noarch
rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch
rubygems24-devel-2.6.14.4-2.12.amzn1.noarch
rubygem24-power_assert-0.4.1-2.12.amzn1.noarch
rubygem24-rdoc-5.0.1-2.12.amzn1.noarch
rubygem24-minitest5-5.10.1-2.12.amzn1.noarch
ruby24-irb-2.4.10-2.12.amzn1.noarch
ruby24-doc-2.4.10-2.12.amzn1.noarch
rubygem24-test-unit-3.2.3-2.12.amzn1.noarch
src:
ruby24-2.4.10-2.12.amzn1.src
x86_64:
ruby24-2.4.10-2.12.amzn1.x86_64
rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64
rubygem24-json-2.0.4-2.12.amzn1.x86_64
ruby24-devel-2.4.10-2.12.amzn1.x86_64
ruby24-libs-2.4.10-2.12.amzn1.x86_64
rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64
rubygem24-psych-2.2.2-2.12.amzn1.x86_64
rubygem24-io-console-0.4.6-2.12.amzn1.x86_64
rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2020-1422.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU32971
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10663
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
rubygem24-psych-2.2.2-2.12.amzn1.i686
ruby24-libs-2.4.10-2.12.amzn1.i686
rubygem24-bigdecimal-1.3.2-2.12.amzn1.i686
ruby24-devel-2.4.10-2.12.amzn1.i686
ruby24-debuginfo-2.4.10-2.12.amzn1.i686
rubygem24-io-console-0.4.6-2.12.amzn1.i686
ruby24-2.4.10-2.12.amzn1.i686
rubygem24-xmlrpc-0.2.1-2.12.amzn1.i686
rubygem24-net-telnet-0.1.1-2.12.amzn1.i686
rubygem24-json-2.0.4-2.12.amzn1.i686
noarch:
rubygems24-2.6.14.4-2.12.amzn1.noarch
rubygem24-did_you_mean-1.1.0-2.12.amzn1.noarch
rubygems24-devel-2.6.14.4-2.12.amzn1.noarch
rubygem24-power_assert-0.4.1-2.12.amzn1.noarch
rubygem24-rdoc-5.0.1-2.12.amzn1.noarch
rubygem24-minitest5-5.10.1-2.12.amzn1.noarch
ruby24-irb-2.4.10-2.12.amzn1.noarch
ruby24-doc-2.4.10-2.12.amzn1.noarch
rubygem24-test-unit-3.2.3-2.12.amzn1.noarch
src:
ruby24-2.4.10-2.12.amzn1.src
x86_64:
ruby24-2.4.10-2.12.amzn1.x86_64
rubygem24-bigdecimal-1.3.2-2.12.amzn1.x86_64
rubygem24-json-2.0.4-2.12.amzn1.x86_64
ruby24-devel-2.4.10-2.12.amzn1.x86_64
ruby24-libs-2.4.10-2.12.amzn1.x86_64
rubygem24-xmlrpc-0.2.1-2.12.amzn1.x86_64
ruby24-debuginfo-2.4.10-2.12.amzn1.x86_64
rubygem24-psych-2.2.2-2.12.amzn1.x86_64
rubygem24-io-console-0.4.6-2.12.amzn1.x86_64
rubygem24-net-telnet-0.1.1-2.12.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2020-1422.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.