CVE-2017-10784 – webrick
Package
Manager: gem
Name: webrick
Vulnerable Version: >=0 <1.4.0
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02058 (percentile: 0.83196)
Details
WEBrick RCE Vulnerability
The Basic authentication code in the WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
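For services that cannot yet move off a vulnerable version, the following added example (not WEBrick's code and not the upstream patch) shows the general mitigation for this class of bug: escape every non-printable byte of a client-supplied field before it is logged, and scan existing logs for raw control bytes. The function names, the log message format and the sample user name are assumptions constructed for illustration.

```ruby
# Added example: neutralise control bytes in client-supplied fields before
# logging, and find log lines that already contain them.

# Anything outside printable ASCII, plus the backslash itself so that the
# escaped form stays unambiguous.
UNSAFE_BYTE = /[^\x20-\x7e]|\\/n

# Raw control bytes that should never appear inside a text log line
# (tab is allowed; the trailing newline is stripped before matching).
RAW_CONTROL = /[\x00-\x08\x0b-\x1f\x7f]/n

# Return +value+ with every unsafe byte written as \xNN, so a terminal that
# later displays the log never receives a raw escape sequence.
def escape_for_log(value)
  value.to_s.b
       .gsub(UNSAFE_BYTE) { |c| format('\\x%02x', c.ord) }
       .force_encoding('UTF-8')
end

# Hypothetical log message format for a failed Basic authentication attempt.
def format_auth_failure(user)
  "ERROR Basic auth: #{escape_for_log(user)}: unknown user."
end

# 1-based numbers of the lines in +log_text+ that carry raw control bytes.
def suspicious_lines(log_text)
  log_text.b.each_line.with_index(1)
          .select { |line, _| line.chomp.match?(RAW_CONTROL) }
          .map { |_, number| number }
end

# Constructed sample: a user name carrying an SGR colour escape sequence.
SAMPLE_USER = "guest\e[31m".freeze

if __FILE__ == $PROGRAM_NAME
  puts format_auth_failure(SAMPLE_USER)
  # Constructed log excerpt: line 2 was written without escaping.
  legacy_log = "ERROR Basic auth: alice: unknown user.\n" \
               "ERROR Basic auth: #{SAMPLE_USER}: unknown user.\n"
  puts "lines with raw control bytes: #{suspicious_lines(legacy_log).inspect}"
end
```

Escaping at write time protects whoever later views the log in a terminal; the scan is useful for reviewing logs written before the upgrade.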
Metadata
Created: 2022-05-14T02:03:29Z
Modified: 2023-07-27T14:58:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-369m-2gv6-mw28/GHSA-369m-2gv6-mw28.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-369m-2gv6-mw28
Finding: F039
Auto approve: 1