CVE-2017-10784
CVE-2017-10784
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2017:3485https://access.redhat.com/errata/RHSA-2018:0378https://access.redhat.com/errata/RHSA-2018:0583https://access.redhat.com/errata/RHSA-2018:0585https://lists.debian.org/debian-lts-announce/2018/07/msg00012.htmlhttps://security.gentoo.org/glsa/201710-18https://usn.ubuntu.com/3528-1/https://usn.ubuntu.com/3685-1/https://www.debian.org/security/2017/dsa-4031https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/