Upgrade RHEL:7 rubygems-devel to version 0:2.0.14.1-35.el7_4 or higher. This issue was patched in RHSA-2020:0591 .

Deserialization of Untrusted Data in rubygems-devel | CVE-2018-1000074

Threat Intelligence

Not Defined

0.05% (18^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-WOLFILATEST-RENOVATE-6405763
published6 Mar 2024
disclosed6 Mar 2024

Report a new vulnerability Found a mistake?

Introduced: 6 Mar 2024

CVE-2024-27307 (opens in a new tab)

How to fix?

Upgrade Wolfi renovate to version 37.229.2-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream renovate package and not the renovate package as distributed by Wolfi. See How to fix? for Wolfi relevant fixed versions and status.

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually.

CVE-2024-27307 Affecting renovate package, versions <37.229.2-r0

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 6 Mar 2024

How to fix?

NVD Description

References