CVE-2017-10784

CVSS v3.0 8.8 (High)
CVSS v2.0 9.3 (High)
EPSS 0.83% (82nd percentile)
Affected Products 1
Advisories 16

The Basic authentication code in the WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Weaknesses
CWE-287
Improper Authentication
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2017-09-19 17:29:00
(7 years ago)
Updated Date
2018-10-31 10:29:04
(5 years ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Ruby-lang Ruby 2.2.7 and prior versions | cpe:2.3:a:ruby-lang:ruby | | <= 2.2.7
  Ruby-lang Ruby 2.3.0 | cpe:2.3:a:ruby-lang:ruby:2.3.0 | |
  Ruby-lang Ruby 2.3.0 Preview1 | cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1 | |
  Ruby-lang Ruby 2.3.0 Preview2 | cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2 | |
  Ruby-lang Ruby 2.3.1 | cpe:2.3:a:ruby-lang:ruby:2.3.1 | |
  Ruby-lang Ruby 2.3.2 | cpe:2.3:a:ruby-lang:ruby:2.3.2 | |
  Ruby-lang Ruby 2.3.3 | cpe:2.3:a:ruby-lang:ruby:2.3.3 | |
  Ruby-lang Ruby 2.3.4 | cpe:2.3:a:ruby-lang:ruby:2.3.4 | |
  Ruby-lang Ruby 2.4.0 | cpe:2.3:a:ruby-lang:ruby:2.4.0 | |
  Ruby-lang Ruby 2.4.0 Preview1 | cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1 | |
  Ruby-lang Ruby 2.4.0 Preview2 | cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2 | |
  Ruby-lang Ruby 2.4.0 Preview3 | cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3 | |
  Ruby-lang Ruby 2.4.0 Rc1 | cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1 | |
  Ruby-lang Ruby 2.4.1 | cpe:2.3:a:ruby-lang:ruby:2.4.1 | |