CVE-2017-10784: Critical severity ruby-lang ruby vulnerability
Last updated 25 August 2025
Other sources
Ruby. Multiple issues in Ruby were addressed in this update.
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
There is an escape sequence injection vulnerability in the Basic authentication of WEBrick bundled by Ruby. When using the Basic authentication of WEBrick, clients can pass an arbitrary string as the user name. WEBrick outputs the passed user name intact to its log, then an attacker can inject malicious escape sequences to the log and dangerous control characters may be executed on a victim’s terminal emulator.
External References:
https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
— Red Hat
Credit
Affected Software
Remediation
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2018-4295
- CVE-2018-4410
- CVE-2018-4417
- CVE-2017-12613
- CVE-2017-12618
- CVE-2018-4411
- CVE-2018-4308
- CVE-2018-4468
- CVE-2018-4126
- CVE-2018-4415
- CVE-2018-4398
- CVE-2018-4412
- CVE-2018-4153
- CVE-2018-4406
- CVE-2018-4346
- CVE-2018-4403
- CVE-2018-4423
- CVE-2018-3639
- CVE-2018-4342
- CVE-2018-4304
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-3646
- CVE-2018-4242
- CVE-2018-4394
- CVE-2018-4334
- CVE-2018-4396
- CVE-2018-4418
- CVE-2018-4350
- CVE-2018-4421
- CVE-2018-4422
- CVE-2018-4408
- CVE-2018-4402
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4401
- CVE-2018-4371
- CVE-2018-4420
- CVE-2018-4399
- CVE-2018-4340
- CVE-2018-4419
- CVE-2018-4425
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-4413
- CVE-2018-4407
- CVE-2018-4424
- CVE-2018-4187
- CVE-2018-4348
- CVE-2018-4389
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-3640
- CVE-2018-4369
- CVE-2018-6797
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4400
- CVE-2018-4395
- CVE-2018-4393
- CVE-2018-4203
- CVE-2018-4368
- CVE-2018-4470
- CVE-2018-4289
- CVE-2018-4268
- CVE-2018-4285
- CVE-2018-5383
- CVE-2018-4293
- CVE-2018-4269
- CVE-2018-4276
- CVE-2018-4178
- CVE-2018-4456
- CVE-2018-4283
- CVE-2018-3665
- CVE-2018-4280
- CVE-2018-4248
- CVE-2018-4277
- CVE-2018-6913
- CVE-2018-4274
Frequently Asked Questions
What is CVE-2017-10784?
CVE-2017-10784 is a vulnerability in the WEBrick library in Ruby that allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands.
How severe is CVE-2017-10784?
CVE-2017-10784 has a severity value of 8.8, which is classified as critical.
How can I fix CVE-2017-10784?
To fix CVE-2017-10784, update Ruby to version 2.2.8, 2.3.5, or higher.
Is my version of Ruby affected by CVE-2017-10784?
If you are using Ruby before version 2.2.8, 2.3.x before 2.3.5, or 2.4.x through 2.4.1, then your version is affected by CVE-2017-10784.
Where can I find more information about CVE-2017-10784?
You can find more information about CVE-2017-10784 in the National Vulnerability Database (NVD) and the Red Hat security advisories.