mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-30 18:21:17 +00:00
24 lines
968 B
JSON
24 lines
968 B
JSON
|
{
|
||
|
|
"id": "CVE-2024-27280",
|
||
|
|
"sourceIdentifier": "cve@mitre.org",
|
||
|
|
"published": "2024-05-14T15:11:56.940",
|
||
|
|
"lastModified": "2024-05-14T15:11:56.940",
|
||
|
|
"vulnStatus": "Received",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://hackerone.com/reports/1399856",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|