RHSA-2026:33540
Vulnerability from csaf_redhat - Published: 2026-06-30 15:46 - Updated: 2026-06-30 19:05Summary
Red Hat Security Advisory: ruby4.0 security update
Severity
Important
Notes
Topic: An update for ruby4.0 is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.
Security Fix(es):
* ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses (CVE-2026-42245)
* ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments (CVE-2026-42258)
* net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS (CVE-2026-42246)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the `Net::IMAP::ResponseReader` when processing large responses containing numerous string literals. This can lead to the client's CPU being exhausted, resulting in a denial of service (DoS) attack.
6.5 (Medium)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled.
7.4 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful exploitation could lead to unauthorized actions on the IMAP server or client, potentially resulting in information disclosure or other integrity impacts.
7.1 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ruby4.0 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.\n\nSecurity Fix(es):\n\n* ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses (CVE-2026-42245)\n\n* ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments (CVE-2026-42258)\n\n* net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS (CVE-2026-42246)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33540",
"url": "https://access.redhat.com/errata/RHSA-2026:33540"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2468495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468495"
},
{
"category": "external",
"summary": "2468498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468498"
},
{
"category": "external",
"summary": "2468499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33540.json"
}
],
"title": "Red Hat Security Advisory: ruby4.0 security update",
"tracking": {
"current_release_date": "2026-06-30T19:05:28+00:00",
"generator": {
"date": "2026-06-30T19:05:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33540",
"initial_release_date": "2026-06-30T15:46:12+00:00",
"revision_history": [
{
"date": "2026-06-30T15:46:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-30T15:46:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T19:05:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4.0-0:4.0.3-35.el10_2.src",
"product": {
"name": "ruby4.0-0:4.0.3-35.el10_2.src",
"product_id": "ruby4.0-0:4.0.3-35.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.3-35.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4.0-0:4.0.3-35.el10_2.aarch64",
"product": {
"name": "ruby4.0-0:4.0.3-35.el10_2.aarch64",
"product_id": "ruby4.0-0:4.0.3-35.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.3-35.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"product": {
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"product_id": "ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-devel@4.0.3-35.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"product": {
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"product_id": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-mysql2@0.5.7-35.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"product": {
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"product_id": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-pg@1.6.3-35.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"product": {
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"product_id": "ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-debugsource@4.0.3-35.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"product": {
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"product_id": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-debuginfo@4.0.3-35.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"product": {
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"product_id": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-mysql2-debuginfo@0.5.7-35.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"product": {
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"product_id": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-pg-debuginfo@1.6.3-35.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"product": {
"name": "ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"product_id": "ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.3-35.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"product": {
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"product_id": "ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-devel@4.0.3-35.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"product": {
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"product_id": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-mysql2@0.5.7-35.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"product": {
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"product_id": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-pg@1.6.3-35.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"product": {
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"product_id": "ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-debugsource@4.0.3-35.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"product": {
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"product_id": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-debuginfo@4.0.3-35.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"product": {
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"product_id": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-mysql2-debuginfo@0.5.7-35.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"product": {
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"product_id": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-pg-debuginfo@1.6.3-35.el10_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4.0-0:4.0.3-35.el10_2.s390x",
"product": {
"name": "ruby4.0-0:4.0.3-35.el10_2.s390x",
"product_id": "ruby4.0-0:4.0.3-35.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.3-35.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"product": {
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"product_id": "ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-devel@4.0.3-35.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"product": {
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"product_id": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-mysql2@0.5.7-35.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"product": {
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"product_id": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-pg@1.6.3-35.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"product": {
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"product_id": "ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-debugsource@4.0.3-35.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"product": {
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"product_id": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-debuginfo@4.0.3-35.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"product": {
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"product_id": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-mysql2-debuginfo@0.5.7-35.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"product": {
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"product_id": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-pg-debuginfo@1.6.3-35.el10_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4.0-0:4.0.3-35.el10_2.x86_64",
"product": {
"name": "ruby4.0-0:4.0.3-35.el10_2.x86_64",
"product_id": "ruby4.0-0:4.0.3-35.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.3-35.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"product": {
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"product_id": "ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-devel@4.0.3-35.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"product": {
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"product_id": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-mysql2@0.5.7-35.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"product": {
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"product_id": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-pg@1.6.3-35.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"product": {
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"product_id": "ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-debugsource@4.0.3-35.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"product": {
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"product_id": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-debuginfo@4.0.3-35.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"product": {
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"product_id": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-mysql2-debuginfo@0.5.7-35.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"product": {
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"product_id": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-rubygem-pg-debuginfo@1.6.3-35.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4.0-doc-0:4.0.3-35.el10_2.noarch",
"product": {
"name": "ruby4.0-doc-0:4.0.3-35.el10_2.noarch",
"product_id": "ruby4.0-doc-0:4.0.3-35.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-doc@4.0.3-35.el10_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-0:4.0.3-35.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64"
},
"product_reference": "ruby4.0-0:4.0.3-35.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-0:4.0.3-35.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le"
},
"product_reference": "ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-0:4.0.3-35.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x"
},
"product_reference": "ruby4.0-0:4.0.3-35.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-0:4.0.3-35.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src"
},
"product_reference": "ruby4.0-0:4.0.3-35.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-0:4.0.3-35.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64"
},
"product_reference": "ruby4.0-0:4.0.3-35.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64"
},
"product_reference": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le"
},
"product_reference": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x"
},
"product_reference": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64"
},
"product_reference": "ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64"
},
"product_reference": "ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le"
},
"product_reference": "ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x"
},
"product_reference": "ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64"
},
"product_reference": "ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64"
},
"product_reference": "ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le"
},
"product_reference": "ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x"
},
"product_reference": "ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-devel-0:4.0.3-35.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64"
},
"product_reference": "ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64"
},
"product_reference": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le"
},
"product_reference": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x"
},
"product_reference": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64"
},
"product_reference": "ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64"
},
"product_reference": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le"
},
"product_reference": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x"
},
"product_reference": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64"
},
"product_reference": "ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64"
},
"product_reference": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le"
},
"product_reference": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x"
},
"product_reference": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64"
},
"product_reference": "ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64"
},
"product_reference": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le"
},
"product_reference": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x"
},
"product_reference": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64"
},
"product_reference": "ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4.0-doc-0:4.0.3-35.el10_2.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
},
"product_reference": "ruby4.0-doc-0:4.0.3-35.el10_2.noarch",
"relates_to_product_reference": "CRB-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42245",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-09T20:00:52.314743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the `Net::IMAP::ResponseReader` when processing large responses containing numerous string literals. This can lead to the client\u0027s CPU being exhausted, resulting in a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has rated this flaw as Moderate because a malicious IMAP server can trigger excessive CPU consumption in applications using the affected Net::IMAP library, resulting in a denial-of-service condition. Successful exploitation requires interaction with a hostile server, and the impact is limited to resource exhaustion of the affected client process. The vulnerability does not allow code execution, privilege escalation, or unauthorized access to data, reducing the overall security impact despite the potential availability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42245"
},
{
"category": "external",
"summary": "RHBZ#2468495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42245"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96",
"url": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda",
"url": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819",
"url": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw"
}
],
"release_date": "2026-05-09T19:37:08.905000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33540"
},
{
"category": "workaround",
"details": "To reduce the risk of a denial of service, ensure that applications using the Net::IMAP library are configured to connect exclusively to trusted IMAP servers. Avoid connecting to untrusted or unverified IMAP services, as a hostile server can exploit this vulnerability. This operational control helps prevent exposure to malicious IMAP response processing.",
"product_ids": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses"
},
{
"cve": "CVE-2026-42246",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-05-09T20:01:04.782096+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects the STARTTLS functionality in the Ruby net-imap library. Red Hat Product Security has assessed this issue as an Important severity vulnerability.\n\nAttack Complexity is considered High (AC:H), because successful exploitation requires an attacker capable of intercepting and modifying network traffic and successfully winning a timing race during the STARTTLS negotiation process.\n\nThis may allow exposure of authentication credentials, email contents, and other sensitive information, as well as unauthorized modification of data transmitted over the affected connection.\n\n```\n\nRed Hat\u0027s ruby packages distribute net-imap as a default bundled gem, the ruby package itself is listed affected. Applications relying on the system-provided Ruby installation to handle IMAP connections may be exposed to this flaw.\n\nRed Hat 3scale API Management uses net-imap which is a transitive dependency of mail, which is a dependency of actionmailer and actionmailbox. The images doesn\u2019t load them or use them in any way, hence, they are not affected.\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42246"
},
{
"category": "external",
"summary": "RHBZ#2468499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42246"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618",
"url": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e",
"url": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c",
"url": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da",
"url": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.3.10",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.3.10"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp"
}
],
"release_date": "2026-05-09T19:33:17.880000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33540"
},
{
"category": "workaround",
"details": "As a temporary workaround, Users are strongly encouraged to switch from explicit TLS upgrading mechanisms (STARTTLS on port 143) to Implicit TLS connections (such as IMAPS on port 993).\n\nBy enforcing implicit TLS via port 993 from the initial socket creation step, the connection is mathematically protected against packet injection and connection degradation tactics entirely, bypassing the vulnerable implementation path.",
"product_ids": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS"
},
{
"cve": "CVE-2026-42258",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-09T20:01:01.698992+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468498"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful exploitation could lead to unauthorized actions on the IMAP server or client, potentially resulting in information disclosure or other integrity impacts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This command injection flaw is limited to the injection of IMAP commands. Arbitrary code execution is not a risk of this flaw and so the impact is limited to email systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42258"
},
{
"category": "external",
"summary": "RHBZ#2468498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468498"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42258",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42258"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px"
}
],
"release_date": "2026-05-09T19:40:49.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33540"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.src",
"AppStream-10.2.Z:ruby4.0-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debuginfo-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-debugsource-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-devel-0:4.0.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-mysql2-debuginfo-0:0.5.7-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-0:1.6.3-35.el10_2.x86_64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.aarch64",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.ppc64le",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.s390x",
"AppStream-10.2.Z:ruby4.0-rubygem-pg-debuginfo-0:1.6.3-35.el10_2.x86_64",
"CRB-10.2.Z:ruby4.0-doc-0:4.0.3-35.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…