rubygem-psych vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the rubygem-psych package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M CVE-2018-16396	<0:2.0.0-36.el7
M Use of Externally-Controlled Format String	<0:2.0.0-36.el7
M Improper Input Validation	<0:2.0.0-36.el7
M Resource Exhaustion	<0:2.0.0-36.el7
M Directory Traversal	<0:2.0.0-36.el7
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:2.0.0-36.el7
M Link Following	<0:2.0.0-36.el7
M Improper Verification of Cryptographic Signature	<0:2.0.0-36.el7
M Deserialization of Untrusted Data	<0:2.0.0-36.el7
M Directory Traversal	<0:2.0.0-36.el7
M Cross-site Scripting (XSS)	<0:2.0.0-36.el7
M Improper Input Validation	<0:2.0.0-36.el7
M Directory Traversal	<0:2.0.0-36.el7
M HTTP Response Splitting	<0:2.0.0-36.el7
H Arbitrary Code Injection	<0:2.0.0-35.el7_6
H Arbitrary Code Injection	<0:2.0.0-35.el7_6
H Arbitrary Code Injection	<0:2.0.0-35.el7_6
H Arbitrary Code Injection	<0:2.0.0-35.el7_6
H CVE-2018-16395	<0:2.0.0-34.el7_6
H Arbitrary Code Injection	<0:2.0.0-33.el7_4
H Deserialization of Untrusted Data	<0:2.0.0-33.el7_4
H Out-of-Bounds	<0:2.0.0-33.el7_4
H Improper Authentication	<0:2.0.0-33.el7_4
H Improper Input Validation	<0:2.0.0-33.el7_4
H Out-of-Bounds	<0:2.0.0-33.el7_4
H Use of Externally-Controlled Format String	<0:2.0.0-33.el7_4
H OS Command Injection	<0:2.0.0-33.el7_4
H Origin Validation Error	<0:2.0.0-33.el7_4
H Improper Input Validation	<0:2.0.0-33.el7_4
H Arbitrary Code Injection	<0:2.0.0-33.el7_4
M Out-of-Bounds	<0:2.0.0-22.el7_0
M CVE-2014-8080	<0:2.0.0-22.el7_0
M CVE-2014-8090	<0:2.0.0-22.el7_0