Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-yjc8-qqz6-23d3
Vulnerability ID VCID-yjc8-qqz6-23d3
Aliases CVE-2019-15845
Summary ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-626 Null Byte Interaction Error (Poison Null Byte)
CWE-41 Improper Resolution of Path Equivalence
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2019-15845
cvssv3 5.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux Medium https://security.archlinux.org/AVG-1039
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json
https://api.first.org/data/v1/epss?cve=CVE-2019-15845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/
1789407 https://bugzilla.redhat.com/show_bug.cgi?id=1789407
ASA-201910-2 https://security.archlinux.org/ASA-201910-2
AVG-1039 https://security.archlinux.org/AVG-1039
GLSA-202003-06 https://security.gentoo.org/glsa/202003-06
RHSA-2021:2104 https://access.redhat.com/errata/RHSA-2021:2104
RHSA-2021:2230 https://access.redhat.com/errata/RHSA-2021:2230
RHSA-2021:2587 https://access.redhat.com/errata/RHSA-2021:2587
RHSA-2021:2588 https://access.redhat.com/errata/RHSA-2021:2588
RHSA-2022:0581 https://access.redhat.com/errata/RHSA-2022:0581
RHSA-2022:0582 https://access.redhat.com/errata/RHSA-2022:0582
USN-4201-1 https://usn.ubuntu.com/4201-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.5622
EPSS Score 0.0033
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:30:24.009963+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json 38.6.0