CVE-2019-15845
published 2019-11-26

CVE-2019-15845: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.

Priority: P433
CVSS 3.1: 6.5 (medium), vector AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
EPSS: 3.29% (86.9th percentile)

Affected

28 ranges, showing 25

Vendor    | Product                           | Version range      | Fixed in
----------|-----------------------------------|--------------------|----------
canonical | ubuntu_linux                      |                    |
canonical | ubuntu_linux                      |                    |
canonical | ubuntu_linux                      |                    |
canonical | ubuntu_linux                      |                    |
debian    | jruby                             |                    |
msrc      | cbl_mariner_1.0_arm               |                    |
msrc      | cbl_mariner_1.0_x64               |                    |
msrc      | cm1_ruby_2.6.7-1_on_cbl_mariner_1.0 |                  |
ruby-lang | ruby                              | >= 0 < 2.5.7-r0    | 2.5.7-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.6.5-r0    | 2.6.5-r0
ruby-lang | ruby                              | >= 0 < 2.4.10-r0   | 2.4.10-r0
ruby-lang | ruby                              | >= 0 < 2.5.7-r0    | 2.5.7-r0
ruby-lang | ruby                              | >= 0 < 2.5.7-r0    | 2.5.7-r0

CVSS provenance

Source        | Version | Score | Severity | Vector
--------------|---------|-------|----------|------------------------------------------------
nvd           | v3.1    | 6.5   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd           | v2.0    | 6.4   | MEDIUM   | AV:N/AC:L/Au:N/C:P/I:P/A:N
osv           |         | 6.5   | MEDIUM   |
vendor_oracle |         | 9.8   | MEDIUM   |
vendor_debian |         | 6.5   | LOW      |
vendor_msrc   |         | 6.5   | MEDIUM   |
vendor_redhat |         | 6.5   | MEDIUM   |
vendor_ubuntu |         | 6.5   | MEDIUM   |