Corrective releases of the Ruby programming language, 2.6.5, 2.5.7 and 2.4.8, have been published, fixing four vulnerabilities. The most dangerous vulnerability (CVE-2019-16255) is a code injection issue in the Shell standard library (lib/shell.rb). If data received from the user is passed as the first argument of the Shell#[] or Shell#test methods, which are used to check for the presence of a file, an attacker can cause an arbitrary Ruby method to be called.
Other fixed issues:
- CVE-2019-16254 - the built-in WEBrick HTTP server is susceptible to HTTP response splitting (if a program inserts unverified data into an HTTP response header, the header can be split by inserting a line feed character);
- CVE-2019-15845 - injecting a null character (\0) into file paths checked by the "File.fnmatch" and "File.fnmatch?" methods can be used to cause false-positive matches;
- CVE-2019-16201 - denial of service in the Digest authentication module for WEBrick.
More information about each version is available on the official website pages for 2.6.5, 2.5.7 and 2.4.8.
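The response splitting described for CVE-2019-16254, as an added Ruby example that is not code from the Ruby project or WEBrick: it models a server that writes header values unchecked, and a guard that rejects CR, LF and NUL before serialization. The function names and the sample header values are constructed for illustration.

```ruby
# Added example: a model of header serialization, not WEBrick's own code.
CRLF = "\r\n"

class UnsafeHeaderValue < ArgumentError; end

# Naive serializer: writes each header as "Name: value" plus CRLF and
# trusts the value, which is the situation the advisory text describes.
def serialize_naive(headers)
  headers.map { |name, value| "#{name}: #{value}#{CRLF}" }.join
end

# Guard: refuse CR, LF and NUL in a header name or value.
def checked_field(text)
  text = text.to_s
  if text.match?(/[\r\n\x00]/)
    raise UnsafeHeaderValue, "control character in header field: #{text.inspect}"
  end
  text
end

# Serializer that validates every name and value before writing it.
def serialize_checked(headers)
  headers.map do |name, value|
    "#{checked_field(name)}: #{checked_field(value)}#{CRLF}"
  end.join
end

# Number of header lines a client would parse from the serialized block.
def header_line_count(raw)
  raw.split(CRLF).reject(&:empty?).size
end

# Constructed sample input: a redirect target copied from a request parameter.
BENIGN  = { "Location" => "/account" }
CRAFTED = { "Location" => "/account\r\nSet-Cookie: session=constructed" }

if __FILE__ == $PROGRAM_NAME
  puts "benign, naive:  #{header_line_count(serialize_naive(BENIGN))} header line(s)"
  puts "crafted, naive: #{header_line_count(serialize_naive(CRAFTED))} header line(s)"
  begin
    serialize_checked(CRAFTED)
  rescue UnsafeHeaderValue => e
    puts "crafted, checked: rejected (#{e.message})"
  end
end
```

One header was supplied in both cases; the unchecked path emits two header lines for the crafted value, while the checked path raises before anything is written.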