Ruby: 1.9.3p551 → 2.7.7
Ruby · upgrade impact · Official site ↗
Fixed by upgrading to 2.7.7 iVulnerabilities that affect 1.9.3p551 but no longer affect 2.7.7 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2020-5247 MEDIUM EPSS 2% ✓ cleared in 2.7.7 CVE-2017-10784 HIGH EPSS 2% ✓ cleared in 2.7.7 CVE-2017-14064 CRITICAL EPSS 2% ✓ cleared in 2.7.7 CVE-2018-8780 CRITICAL EPSS 2% ✓ cleared in 2.7.7 CVE-2015-9096 MEDIUM EPSS 2% ✓ cleared in 2.7.7 CVE-2021-41819 HIGH EPSS 1% ✓ cleared in 2.7.7 CVE-2019-16254 MEDIUM EPSS 1% ✓ cleared in 2.7.7 CVE-2021-31810 MEDIUM EPSS 1% ✓ cleared in 2.7.7 CVE-2021-28965 HIGH EPSS 1% ✓ cleared in 2.7.7 CVE-2017-9229 HIGH EPSS 0% ✓ cleared in 2.7.7 CVE-2022-28739 HIGH EPSS 0% ✓ cleared in 2.7.7 CVE-2020-25613 HIGH EPSS 0% ✓ cleared in 2.7.7 CVE-2021-28966 HIGH EPSS 0% ✓ cleared in 2.7.7 CVE-2015-7551 HIGH EPSS 0% ✓ cleared in 2.7.7 CVE-2017-9225 CRITICAL EPSS 0% ✓ cleared in 2.7.7Still open in 2.7.7 iKnown vulnerabilities that affect 2.7.7 too — upgrading to it does not clear these.
These affect 2.7.7 as well — a later release may be needed.
CVE-2023-28756 MEDIUM EPSS 1% → see advisory