Commit 764be08

1 parent b6d7ca2 commit 764be08

1 file changed

Lines changed: 22 additions & 0 deletions

rubies/ruby/CVE-2024-27282.yml

@@ -0,0 +1,22 @@
1+
---
2+
engine: ruby
3+
cve: 2024-27282
4+
url: https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
5+
title: Arbitrary memory address read vulnerability with Regex search
6+
date: 2024-04-23
7+
description: |
8+
If attacker-supplied data is provided to the Ruby regex compiler, it is
9+
possible to extract arbitrary heap data relative to the start of the text,
10+
including pointers and sensitive strings.
11+
12+
We recommend to update the Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby series, you may update as follows instead:
13+
14+
* For Ruby 3.0 users: Update to 3.0.7
15+
* For Ruby 3.1 users: Update to 3.1.5
16+
* For Ruby 3.2 users: Update to 3.2.4
17+
* For Ruby 3.3 users: Update to 3.3.1
18+
patched_versions:
19+
- "~> 3.0.7"
20+
- "~> 3.1.5"
21+
- "~> 3.2.4"
22+
- ">= 3.3.1"
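
Review bot: patched_versions starts at "~> 3.0.7" and the file has no unaffected_versions key, so Ruby releases below 3.0 match none of the four entries, and a checker that treats everything outside patched_versions as affected will flag them, while the upgrade list in the description only covers the 3.0 through 3.3 series. If older series are meant to be flagged, say so in the description so users on them know why no fixed release in their series is listed; if they are not affected, add an unaffected_versions entry. A smaller point on description line 12: "We recommend to update the Ruby to version 3.3.1 or later" would read better as "We recommend updating Ruby to version 3.3.1 or later", and the title says "Regex" where the linked announcement's URL uses "regexp", so pick one spelling.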
