Description

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Remediation

References

CVE-2017-10784

Related Vulnerabilities

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3514)

PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2608)

Ruby Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-10933)

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9188)

Severity

High

Classification

CVE-2017-10784 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities