Security restrictions bypass in Ruby - CVE-2018-16396
Published: November 6, 2018
Vulnerability identifier: #VU15725
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-16396
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Ruby
Affected software:
Ruby
Ruby
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to the tainted flags are not propagated with the
The weakness exists due to the tainted flags are not propagated with the
B, b, H, and h directives. A remote attacker can supply inputs by Array#pack and/or String#unpack with these directives and checks the reliability with tainted flags and cause the check to be wrong to bypass security restrictions and conduct further attacks.How to mitigate CVE-2018-16396
The vulnerability has been fixed in the versions 2.3.8, 2.4.5, 2.5.2.