Ruby CVE-2017-17405 Multiple Command Execution Vulnerabilities


Ruby CVE-2017-17405 Multiple Command Execution Vulnerabilities

Bugtraq ID: 102204
Class: Input Validation Error
CVE:

CVE-2017-17405

Remote: Yes
Local: No
Published: Dec 14 2017 12:00AM
Updated: Dec 18 2017 03:13PM
Credit: Etienne Stalmans from the Heroku product security team.
Vulnerable:

Ruby-Lang Ruby 2.4.2
Ruby-Lang Ruby 2.4.1
Ruby-Lang Ruby 2.3.5
Ruby-Lang Ruby 2.3.4
Ruby-Lang Ruby 2.3
Ruby-Lang Ruby 2.2.8
Ruby-Lang Ruby 2.2.7
Ruby-Lang Ruby 2.4.0
Ruby-Lang Ruby 2.2.2
Redhat Subscription Asset Manager 1.0.0

Not Vulnerable:

Ruby-Lang Ruby 2.4.3
Ruby-Lang Ruby 2.3.6
Ruby-Lang Ruby 2.2.9