9.3

CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Data is provided by the National Vulnerability Database (NVD)
Ruby-langRuby Version <= 2.2.7
Ruby-langRuby Version2.3.0
Ruby-langRuby Version2.3.0 Updatepreview1
Ruby-langRuby Version2.3.0 Updatepreview2
Ruby-langRuby Version2.3.1
Ruby-langRuby Version2.3.2
Ruby-langRuby Version2.3.3
Ruby-langRuby Version2.3.4
Ruby-langRuby Version2.4.0
Ruby-langRuby Version2.4.0 Updatepreview1
Ruby-langRuby Version2.4.0 Updatepreview2
Ruby-langRuby Version2.4.0 Updatepreview3
Ruby-langRuby Version2.4.0 Updaterc1
Ruby-langRuby Version2.4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.14% 0.836
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securitytracker.com/id/1039363
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100853
Third Party Advisory
VDB Entry