SecuritySpace - CVE-2024-27282

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2024-27282

Description: An issue was discovered in Ruby 3.x through 3.3.0. If attacker- supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2024-27282
https://hackerone.com/reports/2122624

CVE ID:	CVE-2024-27282
Description:	An issue was discovered in Ruby 3.x through 3.3.0. If attacker- supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2024-27282 https://hackerone.com/reports/2122624