VIR Vulnerability Intelligence Relay

CVE-2017-10784

high
Published 2022-05-14 · Modified 2024-03-13
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2
9.3
VIR risk
8.8

Description

WEBrick RCE Vulnerability

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-10784.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/

OS impact
OSVersionStatusFixed in
suse slesaffected

Package impact
EcosystemPackageVulnerableFixed
ruby RubyGemswebrick<>= 1.4.0>= 1.4.0
ruby RubyGemswebrick<1.4.01.4.0

Application impact
VendorProductVersionsFixed
ruby-langruby{"endIncluding":"2.2.7"}
ruby-langruby2.3.0
ruby-langruby2.3.1
ruby-langruby2.3.2
ruby-langruby2.3.3
ruby-langruby2.3.4
ruby-langruby2.4.0
ruby-langruby2.4.1

References

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.