Description

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Remediation

References

CVE-2017-10784

Related Vulnerabilities

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (7.0.0)

PHP Other Vulnerability (CVE-2007-1411)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27973)

WordPress Plugin Google 'Plus one' Button by kms Multiple Vulnerabilities (1.5.0)

Oracle JRE CVE-2022-21291 Vulnerability (CVE-2022-21291)

Severity

High

Classification

CVE-2017-10784 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities