Ruby · Ruby · CVE-2018-16396
**Name of the Vulnerable Software and Affected Versions**
Ruby versions prior to 2.3.8
Ruby versions 2.4.x prior to 2.4.5
Ruby versions 2.5.x prior to 2.5.2
Ruby versions 2.6.x prior to 2.6.0-preview3
**Description**
The issue concerns the handling of tainted strings in Ruby. Specifically, it does not taint strings that result from unpacking tainted strings with some formats.
**Recommendations**
For Ruby versions prior to 2.3.8, update to version 2.3.8 or later.
For Ruby versions 2.4.x prior to 2.4.5, update to version 2.4.5 or later.
For Ruby versions 2.5.x prior to 2.5.2, update to version 2.5.2 or later.
For Ruby versions 2.6.x prior to 2.6.0-preview3, update to version 2.6.0-preview3 or later.