Vulnerability Details CVE-2018-10199
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-10199
-
cpe:2.3:a:mruby:mruby:-
-
cpe:2.3:a:mruby:mruby:1.0.0
-
cpe:2.3:a:mruby:mruby:1.1.0
-
cpe:2.3:a:mruby:mruby:1.2.0
-
cpe:2.3:a:mruby:mruby:1.3.0
-
cpe:2.3:a:mruby:mruby:1.4.0