CVE-2017-10784
published 2017-09-19


Priority: P3 · 58 · high
CVSS 3.0: 8.8 (vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 16.41% (96.6th percentile)
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Affected

32 ranges (25 shown on this page)

Vendor    | Product                                                                          | Version range     | Fixed in
apple     | macos_high_sierra_10.13.6_security_update_2018-004_sierra_security_update_2018-0 |                   |
apple     | macos_mojave_10.14.1_security_update_2018-002_high_sierra_security_update_2018-0 |                   |
ruby-lang | ruby                                                                             | <= 2.2.7          |
ruby-lang | ruby                                                                             | (no range shown)  |            (7 entries)
ruby-lang | ruby                                                                             | >= 0 < 2.4.2-r0   | 2.4.2-r0   (14 entries)
ruby-lang | ruby                                                                             | >= 0 < 2.2.8-r0   | 2.2.8-r0

CVSS provenance

Source        | CVSS version | Score | Severity | Vector
nvd           | v3.0         | 8.8   | HIGH     | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd           | v2.0         | 9.3   | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
osv           |              | 9.1   | CRITICAL |
vendor_ubuntu |              | 9.1   | CRITICAL |
vendor_redhat |              | 8.8   | HIGH     |