CVE-2019-16779

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-16779

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16779.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-16779

Aliases

GHSA-q58g-455p-8vw9

Related

Published

2019-12-16T20:15:15Z

Modified

2024-09-18T03:03:15.767945Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.

References

Affected packages

Debian:11 / ruby-excon

Package

Name: ruby-excon
Purl: pkg:deb/debian/ruby-excon?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.60.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-excon

Package

Name: ruby-excon
Purl: pkg:deb/debian/ruby-excon?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.60.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-excon

Package

Name: ruby-excon
Purl: pkg:deb/debian/ruby-excon?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.60.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/excon/excon

Affected ranges

Type: GIT
Repo: https://github.com/excon/excon
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ccb57d7a422f020dc74f1de4e8fb505ab46d8a29

Affected versions

v0.*

v0.0.22

v0.0.23

v0.0.24

v0.0.25

v0.0.26

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.10.0

v0.10.1

v0.11.0

v0.12.0

v0.13.0

v0.13.1

v0.13.2

v0.13.3

v0.13.4

v0.14.0

v0.14.1

v0.14.2

v0.14.3

v0.15.0

v0.15.1

v0.15.2

v0.15.3

v0.15.4

v0.15.5

v0.16.0

v0.16.1

v0.16.10

v0.16.2

v0.16.3

v0.16.4

v0.16.5

v0.16.6

v0.16.7

v0.16.8

v0.16.9

v0.17.0

v0.18.0

v0.18.1

v0.18.2

v0.18.3

v0.18.4

v0.18.5

v0.19.0

v0.19.1

v0.19.2

v0.19.3

v0.19.4

v0.19.5

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.2.7

v0.2.8

v0.20.0

v0.20.1

v0.21.0

v0.22.0

v0.22.1

v0.23.0

v0.24.0

v0.25.0

v0.25.1

v0.25.2

v0.25.3

v0.26.0

v0.27.0

v0.27.1

v0.27.2

v0.27.3

v0.27.4

v0.27.5

v0.27.6

v0.28.0

v0.29.0

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.30.0

v0.31.0

v0.32.0

v0.32.1

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.38.0

v0.39.0

v0.39.1

v0.39.2

v0.39.3

v0.39.4

v0.39.5

v0.39.6

v0.4.0

v0.40.0

v0.41.0

v0.42.0

v0.42.1

v0.43.0

v0.44.0

v0.44.1

v0.44.2

v0.44.3

v0.44.4

v0.45.0

v0.45.1

v0.45.2

v0.45.3

v0.45.4

v0.46.0

v0.47.0

v0.48.0

v0.49.0

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.50.0

v0.50.1

v0.52.0

v0.53.0

v0.54.0

v0.55.0

v0.56.0

v0.57.0

v0.57.1

v0.58.0

v0.59.0

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.60.0

v0.61.0

v0.62.0

v0.63.0

v0.64.0

v0.65.0

v0.66.0

v0.67.0

v0.68.0

v0.69.0

v0.69.1

v0.7.0

v0.7.1

v0.7.10

v0.7.11

v0.7.12

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.7.8

v0.7.9

v0.70.0

v0.8.0

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6