Open jufemaiz opened 2 years ago
RUBY_VERSION: 2.7.5
RUBY_PATCHLEVEL: 203
RUBY_PLATFORM: x86_64-linux
RUBY_RELEASE_DATE: 2021-11-24
Note: the source is a lambci S3 bucket which is opaque to me as to how that is managed.
https://github.com/lambci/docker-lambda/blob/master/ruby2.7/run/Dockerfile#L3
Relevant information:
This release includes security fixes. Please check the topics below for details.
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc
CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods
CVE-2021-41816: Buffer Overrun in CGI.escape_html
CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
This release includes a security fix.
CVE-2022-28739: Buffer overrun in String-to-Float conversion
v2.7.3
This release includes security fixes. Please check the topics below for details.
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
v2.7.4
This release includes security fixes. Please check the topics below for details.
CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc
v2.7.5
This release includes security fixes. Please check the topics below for details.
CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods
CVE-2021-41816: Buffer Overrun in CGI.escape_html
CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse