Vulnerabilities > Ruby Lang > Ruby > 2.4.2

Date: 2017-12-20
CVE: CVE-2017-17790
Vulnerability title: Injection vulnerability in Ruby-Lang Ruby
Description: The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405.
Risk: network, low complexity, critical, 9.8
Vendors: ruby-lang
CWE: CWE-74

Date: 2017-12-15
CVE: CVE-2017-17405
Vulnerability title: OS Command Injection vulnerability in multiple products
Description: Ruby before 2.4.3 allows Net::FTP command injection.
Risk: network, low complexity, 8.8
Vendors: ruby-lang, debian, redhat
CWE: CWE-78