Lucene search
HistoryMay 02, 2013 - 2:55 p.m.
CVE-2012-4481
ruby
1.8.7
safe-level
context-dependent attackers
strings
nameerror
cve-2012-4481
nvd
6.4 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.6%
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ruby-lang:ruby | ruby-lang ruby | eq | 1.8.7 |
Related
veracode
veracode
Unauthorized Modification
2019-01-15 08:52:55
Arbitrary Code Execution
2019-05-02 04:45:35
Access Control Bypass
2020-04-10 00:59:04
prion
prion
Design/Logic Flaw
2013-05-02 14:55:00
Design/Logic Flaw
2011-03-02 20:00:00
Code injection
2013-04-25 23:55:00
ubuntucve
ubuntucve
nessus
nessus
Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20130307)
2013-03-08 00:00:00
CentOS 5 : ruby (CESA-2013:0129)
2013-01-17 00:00:00
CentOS 6 : ruby (CESA-2013:0612)
2013-03-10 00:00:00
openvas
openvas
RedHat Update for ruby RHSA-2013:0612-01
2013-03-08 00:00:00
RedHat Update for ruby RHSA-2013:0612-01
2013-03-08 00:00:00
CentOS Update for ruby CESA-2013:0129 centos5
2013-01-21 00:00:00
amazon
amazon
Medium: ruby
2013-03-14 22:04:00
Medium: ruby
2012-10-23 10:43:00
redhat
redhat
(RHSA-2013:0129) Moderate: ruby security and bug fix update
2013-01-08 00:00:00
(RHSA-2013:0612) Moderate: ruby security update
2013-03-07 00:00:00
(RHSA-2011:0910) Moderate: ruby security update
2011-06-28 00:00:00
centos
centos
ruby security update
2013-03-09 00:47:26
ruby security update
2013-01-09 20:36:59
irb, ruby security update
2011-08-14 21:12:51
securityvulns
securityvulns
Ruby restrictions bypass
2012-10-15 00:00:00
[USN-1603-1] Ruby vulnerabilities
2012-10-15 00:00:00
ruby multiple security vulnerabilities
2011-05-25 00:00:00
oraclelinux
oraclelinux
ruby security update
2013-03-07 00:00:00
ruby security and bug fix update
2013-01-11 00:00:00
ruby security update
2011-06-28 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2012-10-23 00:00:00
Ruby vulnerabilities
2012-10-10 00:00:00
Ruby vulnerabilities
2012-09-26 00:00:00
cve
cve
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
rubygems
rubygems
CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings
2011-02-17 21:00:00
Ruby incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
2012-10-04 20:00:00
Ruby name_err_mesg_to_str Method Safe Level Security Bypass
2012-10-11 20:00:00
seebug
seebug
Ruby 安全级别限制绕过漏洞(CVE-2012-4466)
2013-04-28 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: ruby-1.8.6.420-2.fc13
2011-03-02 01:46:19
[SECURITY] Fedora 16 Update: ruby-1.8.7.358-4.fc16
2012-10-14 03:52:43
6.4 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.6%
Related for CVE-2012-4481