RubyGems ã®è¤‡æ•°ã®è„†å¼±æ€§ã«ã¤ã„ã¦Posted by usa on 29 Aug 2017 Ruby ã®æ¨™æº–添付ライブラリã§ã‚ã‚‹ RubyGems ã«ã€è¤‡æ•°ã®è„†å¼±æ€§ãŒç™ºè¦‹ã•ã‚Œã¾ã—ãŸã€‚ RubyGems ã®å…¬å¼ãƒ–ãƒã‚°ã«ã¦å ±å‘Šã•ã‚Œã¦ã„ã¾ã™ã€‚ 詳細 以下ã®è„†å¼±æ€§ãŒå ±å‘Šã•ã‚Œã¦ã„ã¾ã™ã€‚ a DNS request hijacking vulnerability. (CVE-2017-0902) an ANSI escape sequence vulnerability. (CVE-2017-0899) a DoS vulnerability in the query command. (CVE-2017-0900) a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901
{{#tags}}- {{label}}
{{/tags}}