OESA-2023-1002

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1002

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1002.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2023-1002

Upstream

CVE-2022-4064

Published

2023-01-06T11:04:44Z

Modified

2025-09-03T06:18:27.429415Z

Summary

rubygem-dalli security update

Details

High performance memcached client for Ruby

Security Fix(es):

A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability.(CVE-2022-4064)

Database specific

{
    "severity": "Low"
}

References

Affected packages

openEuler:22.03-LTS-SP1 / rubygem-dalli

Package

Name: rubygem-dalli
Purl: pkg:rpm/openEuler/rubygem-dalli&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.2-2.oe2203sp1

Ecosystem specific

{
    "src": [
        "rubygem-dalli-3.2.2-2.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "rubygem-dalli-doc-3.2.2-2.oe2203sp1.noarch.rpm",
        "rubygem-dalli-3.2.2-2.oe2203sp1.noarch.rpm"
    ]
}