Is stringio affected by CVE-2024-27280?

RubyGems stringio is affected in <3.0.1.1.

Is CVE-2024-27280 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 2.4%.

critical

CVE-2024-27280

Q: Is CVE-2024-27280 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 2.4%.

RubyGems · stringio

Summary

StringIO buffer overread vulnerability

Severity: critical
EPSS: 2.4% (p82)
Also known as: GHSA-v5h6-c2hv-hv3r
Published: 2024-03-25

References

https://nvd.nist.gov/vuln/detail/CVE-2024-27280
https://github.com/ruby/stringio/commit/0e596524097706263d10900ca180898e4a8f5233
https://github.com/ruby/stringio/commit/c58c5f54f1eab99665ea6a161d29ff6a7490afc8

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.