RHSA-2020:0591
Source
https://access.redhat.com/errata/RHSA-2020:0591
Import Source
https://security.access.redhat.com/data/osv/RHSA-2020:0591.json
JSON Data
https://api.osv.dev/v1/vulns/RHSA-2020:0591
Related
CVE-2018-1000073
CVE-2018-1000074
CVE-2018-1000075
CVE-2018-1000076
CVE-2018-1000077
CVE-2018-1000078
CVE-2018-1000079
CVE-2018-8777
CVE-2018-8780
Published
2024-09-13T19:57:05Z
Modified
2024-10-21T22:17:45Z
Severity
7.8 (High)
CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Red Hat Security Advisory: ruby security update
Details
References
https://access.redhat.com/errata/RHSA-2020:0591
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1547418
https://bugzilla.redhat.com/show_bug.cgi?id=1547419
https://bugzilla.redhat.com/show_bug.cgi?id=1547420
https://bugzilla.redhat.com/show_bug.cgi?id=1547421
https://bugzilla.redhat.com/show_bug.cgi?id=1547422
https://bugzilla.redhat.com/show_bug.cgi?id=1547425
https://bugzilla.redhat.com/show_bug.cgi?id=1547426
https://bugzilla.redhat.com/show_bug.cgi?id=1561949
https://bugzilla.redhat.com/show_bug.cgi?id=1561950
https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0591.json
https://access.redhat.com/security/cve/CVE-2018-8777
https://www.cve.org/CVERecord?id=CVE-2018-8777
https://nvd.nist.gov/vuln/detail/CVE-2018-8777
https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
https://access.redhat.com/security/cve/CVE-2018-8780
https://www.cve.org/CVERecord?id=CVE-2018-8780
https://nvd.nist.gov/vuln/detail/CVE-2018-8780
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
https://access.redhat.com/security/cve/CVE-2018-1000073
https://www.cve.org/CVERecord?id=CVE-2018-1000073
https://nvd.nist.gov/vuln/detail/CVE-2018-1000073
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
https://access.redhat.com/security/cve/CVE-2018-1000074
https://www.cve.org/CVERecord?id=CVE-2018-1000074
https://nvd.nist.gov/vuln/detail/CVE-2018-1000074
https://access.redhat.com/security/cve/CVE-2018-1000075
https://www.cve.org/CVERecord?id=CVE-2018-1000075
https://nvd.nist.gov/vuln/detail/CVE-2018-1000075
https://access.redhat.com/security/cve/CVE-2018-1000076
https://www.cve.org/CVERecord?id=CVE-2018-1000076
https://nvd.nist.gov/vuln/detail/CVE-2018-1000076
https://access.redhat.com/security/cve/CVE-2018-1000077
https://www.cve.org/CVERecord?id=CVE-2018-1000077
https://nvd.nist.gov/vuln/detail/CVE-2018-1000077
https://access.redhat.com/security/cve/CVE-2018-1000078
https://www.cve.org/CVERecord?id=CVE-2018-1000078
https://nvd.nist.gov/vuln/detail/CVE-2018-1000078
https://access.redhat.com/security/cve/CVE-2018-1000079
https://www.cve.org/CVERecord?id=CVE-2018-1000079
https://nvd.nist.gov/vuln/detail/CVE-2018-1000079
Affected packages
Red Hat:rhel_aus:7.4::server
/
ruby
Package
Name
ruby
Purl
pkg:rpm/redhat/ruby
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_aus:7.4::server
/
ruby-debuginfo
Package
Name
ruby-debuginfo
Purl
pkg:rpm/redhat/ruby-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_aus:7.4::server
/
ruby-devel
Package
Name
ruby-devel
Purl
pkg:rpm/redhat/ruby-devel
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_aus:7.4::server
/
ruby-doc
Package
Name
ruby-doc
Purl
pkg:rpm/redhat/ruby-doc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_aus:7.4::server
/
ruby-irb
Package
Name
ruby-irb
Purl
pkg:rpm/redhat/ruby-irb
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_aus:7.4::server
/
ruby-libs
Package
Name
ruby-libs
Purl
pkg:rpm/redhat/ruby-libs
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_aus:7.4::server
/
ruby-tcltk
Package
Name
ruby-tcltk
Purl
pkg:rpm/redhat/ruby-tcltk
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygem-bigdecimal
Package
Name
rubygem-bigdecimal
Purl
pkg:rpm/redhat/rubygem-bigdecimal
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.2.0-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygem-io-console
Package
Name
rubygem-io-console
Purl
pkg:rpm/redhat/rubygem-io-console
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.4.2-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygem-json
Package
Name
rubygem-json
Purl
pkg:rpm/redhat/rubygem-json
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.7-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygem-minitest
Package
Name
rubygem-minitest
Purl
pkg:rpm/redhat/rubygem-minitest
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.3.2-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygem-psych
Package
Name
rubygem-psych
Purl
pkg:rpm/redhat/rubygem-psych
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygem-rake
Package
Name
rubygem-rake
Purl
pkg:rpm/redhat/rubygem-rake
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.9.6-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygem-rdoc
Package
Name
rubygem-rdoc
Purl
pkg:rpm/redhat/rubygem-rdoc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.0.0-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygems
Package
Name
rubygems
Purl
pkg:rpm/redhat/rubygems
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.14.1-35.el7_4
Red Hat:rhel_aus:7.4::server
/
rubygems-devel
Package
Name
rubygems-devel
Purl
pkg:rpm/redhat/rubygems-devel
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.14.1-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
ruby
Package
Name
ruby
Purl
pkg:rpm/redhat/ruby
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
ruby-debuginfo
Package
Name
ruby-debuginfo
Purl
pkg:rpm/redhat/ruby-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
ruby-devel
Package
Name
ruby-devel
Purl
pkg:rpm/redhat/ruby-devel
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
ruby-doc
Package
Name
ruby-doc
Purl
pkg:rpm/redhat/ruby-doc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
ruby-irb
Package
Name
ruby-irb
Purl
pkg:rpm/redhat/ruby-irb
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
ruby-libs
Package
Name
ruby-libs
Purl
pkg:rpm/redhat/ruby-libs
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
ruby-tcltk
Package
Name
ruby-tcltk
Purl
pkg:rpm/redhat/ruby-tcltk
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygem-bigdecimal
Package
Name
rubygem-bigdecimal
Purl
pkg:rpm/redhat/rubygem-bigdecimal
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.2.0-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygem-io-console
Package
Name
rubygem-io-console
Purl
pkg:rpm/redhat/rubygem-io-console
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.4.2-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygem-json
Package
Name
rubygem-json
Purl
pkg:rpm/redhat/rubygem-json
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.7-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygem-minitest
Package
Name
rubygem-minitest
Purl
pkg:rpm/redhat/rubygem-minitest
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.3.2-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygem-psych
Package
Name
rubygem-psych
Purl
pkg:rpm/redhat/rubygem-psych
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygem-rake
Package
Name
rubygem-rake
Purl
pkg:rpm/redhat/rubygem-rake
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.9.6-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygem-rdoc
Package
Name
rubygem-rdoc
Purl
pkg:rpm/redhat/rubygem-rdoc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.0.0-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygems
Package
Name
rubygems
Purl
pkg:rpm/redhat/rubygems
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.14.1-35.el7_4
Red Hat:rhel_e4s:7.4::server
/
rubygems-devel
Package
Name
rubygems-devel
Purl
pkg:rpm/redhat/rubygems-devel
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.14.1-35.el7_4
Red Hat:rhel_tus:7.4::server
/
ruby
Package
Name
ruby
Purl
pkg:rpm/redhat/ruby
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_tus:7.4::server
/
ruby-debuginfo
Package
Name
ruby-debuginfo
Purl
pkg:rpm/redhat/ruby-debuginfo
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_tus:7.4::server
/
ruby-devel
Package
Name
ruby-devel
Purl
pkg:rpm/redhat/ruby-devel
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_tus:7.4::server
/
ruby-doc
Package
Name
ruby-doc
Purl
pkg:rpm/redhat/ruby-doc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_tus:7.4::server
/
ruby-irb
Package
Name
ruby-irb
Purl
pkg:rpm/redhat/ruby-irb
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_tus:7.4::server
/
ruby-libs
Package
Name
ruby-libs
Purl
pkg:rpm/redhat/ruby-libs
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_tus:7.4::server
/
ruby-tcltk
Package
Name
ruby-tcltk
Purl
pkg:rpm/redhat/ruby-tcltk
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0.648-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygem-bigdecimal
Package
Name
rubygem-bigdecimal
Purl
pkg:rpm/redhat/rubygem-bigdecimal
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.2.0-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygem-io-console
Package
Name
rubygem-io-console
Purl
pkg:rpm/redhat/rubygem-io-console
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.4.2-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygem-json
Package
Name
rubygem-json
Purl
pkg:rpm/redhat/rubygem-json
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.7-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygem-minitest
Package
Name
rubygem-minitest
Purl
pkg:rpm/redhat/rubygem-minitest
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.3.2-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygem-psych
Package
Name
rubygem-psych
Purl
pkg:rpm/redhat/rubygem-psych
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.0-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygem-rake
Package
Name
rubygem-rake
Purl
pkg:rpm/redhat/rubygem-rake
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:0.9.6-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygem-rdoc
Package
Name
rubygem-rdoc
Purl
pkg:rpm/redhat/rubygem-rdoc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.0.0-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygems
Package
Name
rubygems
Purl
pkg:rpm/redhat/rubygems
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.14.1-35.el7_4
Red Hat:rhel_tus:7.4::server
/
rubygems-devel
Package
Name
rubygems-devel
Purl
pkg:rpm/redhat/rubygems-devel
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.14.1-35.el7_4