View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-16396 medium priority: Ubuntu including 4 source packages (ruby1.9.1, ruby2.0, ruby2.3, ruby2.5), 20 status rows across 5 suites (bionic, cosmic, trusty, upstream, xenial): DNE 11, released 5, needs-triage 4.
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.