Lucene search

K
cve[email protected]CVE-2009-5147
HistoryMar 29, 2017 - 2:59 p.m.

CVE-2009-5147

2017-03-2914:59:00
CWE-20
web.nvd.nist.gov
45
4
cve-2009-5147
nvd
ruby
security vulnerability
code execution
tainted library names

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

Affected configurations

NVD
Node
ruby-langrubyMatch1.8.0
OR
ruby-langrubyMatch1.9.0
OR
ruby-langrubyMatch1.9.2
OR
ruby-langrubyMatch1.9.3
OR
ruby-langrubyMatch2.0.0
OR
ruby-langrubyMatch2.0.0p195
OR
ruby-langrubyMatch2.0.0p247
OR
ruby-langrubyMatch2.0.0p353
OR
ruby-langrubyMatch2.0.0p481
OR
ruby-langrubyMatch2.0.0p576
OR
ruby-langrubyMatch2.0.0p594
OR
ruby-langrubyMatch2.0.0p598
OR
ruby-langrubyMatch2.0.0p643
OR
ruby-langrubyMatch2.0.0p645
OR
ruby-langrubyMatch2.0.0p647
OR
ruby-langrubyMatch2.1.0
OR
ruby-langrubyMatch2.1.1
OR
ruby-langrubyMatch2.1.2
OR
ruby-langrubyMatch2.1.3
OR
ruby-langrubyMatch2.1.4
OR
ruby-langrubyMatch2.1.5
OR
ruby-langrubyMatch2.1.6
OR
ruby-langrubyMatch2.1.7

Social References

More

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%