A vulnerability has been discovered in Dalli, which can lead to code injection.
Package | dev-ruby/dalli on all architectures |
---|---|
Affected versions | < 3.2.3 |
Unaffected versions | >= 3.2.3 |
Dalli is a high performance pure Ruby client for accessing memcached servers.
A vulnerability was found in Dalli. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All Dalli users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-ruby/dalli-3.2.3"
Release date
May 04, 2024
Latest revision
May 04, 2024: 1
Severity
normal
Exploitable
local and remote
Bugzilla entries