ID CVE-2019-15845
Summary Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
References
Vulnerable Configurations
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bugtraq
  • 20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update
  • 20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update
debian DSA-4587
gentoo GLSA-202003-06
misc
mlist [debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update
suse openSUSE-SU-2020:0395
ubuntu USN-4201-1
Last major update 24-08-2020 - 17:37
Published 26-11-2019 - 17:15
Last modified 24-08-2020 - 17:37