CVE-2018-3759
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
private_address_check contains race condition
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| RubyGems | private_address_check | <>= 0.5.0 | >= 0.5.0 |
| RubyGems | private_address_check | <0.5.0 | 0.5.0 |
References
- https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147
- https://nvd.nist.gov/vuln/detail/CVE-2018-3759
- https://github.com/advisories/GHSA-2xvj-j3qh-x8c3
- https://github.com/jtdowney/private_address_check
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/private_address_check/CVE-2018-3759.yml
Verify integrity in audit chain (admin only). AS-IS.