Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby 代码问题漏洞
Vulnerability Description
Ruby是松本行弘软件开发者的一种跨平台、面向对象的动态类型编程语言。 Ruby中的OpenSSL库存在代码问题漏洞,该漏洞源于程序没有正确的处理X.509证书。攻击者可通过构建非法证书利用该漏洞绕过证书检查。以下产品及版本受到影响:Ruby 2.3.8之前版本,2.4.5之前的2.4.x版本,2.5.2之前的2.5.x版本,2.6.0-preview3之前的2.6.x版本。
CVSS Information
N/A
Vulnerability Type
N/A