CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.005 Low
Percentile: 75.1%

Ruby Developers report:
There is a vulnerability in DL and Fiddle in Ruby where tainted
strings can be used by system calls regardless of the $SAFE level
set in Ruby.
Native functions exposed to Ruby with DL or Fiddle do not check the
taint values set on the objects passed in. This can result in
tainted objects being accepted as input when a SecurityError
exception should be raised.