CVE-2019-16254

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
ruby-langruby
𝑥
≤ 2.3.0
ruby-langruby
2.4.0 ≤
𝑥
≤ 2.4.7
ruby-langruby
2.5.0 ≤
𝑥
≤ 2.5.6
ruby-langruby
2.6.0 ≤
𝑥
≤ 2.6.4
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jruby
bookworm
9.3.9.0+ds-8
fixed
sid
9.4.8.0+ds-1
fixed
trixie
9.4.8.0+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jruby
bionic
not-affected
disco
not-affected
eoan
ignored
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
trusty
Fixed 1.5.6-9+deb8u2build0.14.04.1~esm2
released
xenial
not-affected
ruby2.3
bionic
dne
disco
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
Fixed 2.3.1-2~ubuntu16.04.14
released
ruby2.5
bionic
Fixed 2.5.1-1ubuntu1.6
released
disco
Fixed 2.5.5-1ubuntu1.1
released
eoan
Fixed 2.5.5-4ubuntu2.1
released
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libruby2_1-2_1
suse enterprise sap 12 SP4
2.1.9-19.3.2
fixed
suse enterprise sap 12 SP5
2.1.9-19.3.2
fixed
suse enterprise server 12 SP2
2.1.9-19.3.2
fixed
suse enterprise server 12 SP3
2.1.9-19.3.2
fixed
suse enterprise server 12 SP4
2.1.9-19.3.2
fixed
suse enterprise server 12 SP5
2.1.9-19.3.2
fixed
libruby2_5-2_5
suse enterprise desktop 15 SP1
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP2
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP3
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP4
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP5
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP6
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP7
2.5.9-150700.22.16
fixed
suse enterprise sap 15 SP1
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP2
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP3
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP4
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP5
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP6
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP7
2.5.9-150700.22.16
fixed
suse enterprise server 15
2.5.7-4.8.1
fixed
suse enterprise server 15 SP1
2.5.7-4.8.1
fixed
suse enterprise server 15 SP2
2.5.7-4.8.1
fixed
suse enterprise server 15 SP3
2.5.7-4.8.1
fixed
suse enterprise server 15 SP4
2.5.7-4.8.1
fixed
suse enterprise server 15 SP5
2.5.7-4.8.1
fixed
suse enterprise server 15 SP6
2.5.7-4.8.1
fixed
suse enterprise server 15 SP7
2.5.9-150700.22.16
fixed
yast2-ruby-bindings
suse enterprise server 12 SP2
3.1.53-9.8.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ruby
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-debuginfo
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-devel
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-doc
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-irb
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-libs
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-tcltk
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby24
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-debuginfo
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-devel
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-doc
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-irb
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-libs
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
rubygem-bigdecimal
Amazon Linux 2
0:1.2.0-36.amzn2.0.7
fixed
rubygem-io-console
Amazon Linux 2
0:0.4.2-36.amzn2.0.7
fixed
rubygem-json
Amazon Linux 2
0:1.7.7-36.amzn2.0.7
fixed
rubygem-minitest
Amazon Linux 2
0:4.3.2-36.amzn2.0.7
fixed
rubygem-psych
Amazon Linux 2
0:2.0.0-36.amzn2.0.7
fixed
rubygem-rake
Amazon Linux 2
0:0.9.6-36.amzn2.0.7
fixed
rubygem-rdoc
Amazon Linux 2
0:4.0.0-36.amzn2.0.7
fixed
rubygem24-bigdecimal
Amazon Linux 1
0:1.3.2-2.12.amzn1
fixed
rubygem24-did_you_mean
Amazon Linux 1
0:1.1.0-2.12.amzn1
fixed
rubygem24-io-console
Amazon Linux 1
0:0.4.6-2.12.amzn1
fixed
rubygem24-json
Amazon Linux 1
0:2.0.4-2.12.amzn1
fixed
rubygem24-minitest5
Amazon Linux 1
0:5.10.1-2.12.amzn1
fixed
rubygem24-net-telnet
Amazon Linux 1
0:0.1.1-2.12.amzn1
fixed
rubygem24-power_assert
Amazon Linux 1
0:0.4.1-2.12.amzn1
fixed
rubygem24-psych
Amazon Linux 1
0:2.2.2-2.12.amzn1
fixed
rubygem24-rdoc
Amazon Linux 1
0:5.0.1-2.12.amzn1
fixed
rubygem24-test-unit
Amazon Linux 1
0:3.2.3-2.12.amzn1
fixed
rubygem24-xmlrpc
Amazon Linux 1
0:0.2.1-2.12.amzn1
fixed
rubygems
Amazon Linux 2
0:2.0.14.1-36.amzn2.0.7
fixed
rubygems-devel
Amazon Linux 2
0:2.0.14.1-36.amzn2.0.7
fixed
rubygems24
Amazon Linux 1
0:2.6.14.4-2.12.amzn1
fixed
rubygems24-devel
Amazon Linux 1
0:2.6.14.4-2.12.amzn1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
ruby
CBL-Mariner 1.0
0:2.6.7-1.cm1
fixed
References