UBUNTU-CVE-2022-31033

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-31033

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-31033.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-31033

Related

CVE-2022-31033

Published

2022-06-09T20:15:00Z

Modified

2024-10-15T14:09:57Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue.

References

Affected packages

Ubuntu:24.10 / ruby-mechanize

Package

Name: ruby-mechanize
Purl: pkg:deb/ubuntu/ruby-mechanize?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.5-1

2.10.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ruby-mechanize

Package

Name: ruby-mechanize
Purl: pkg:deb/ubuntu/ruby-mechanize?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.5-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}