Lucene search
HistoryMay 02, 2013 - 2:55 p.m.
CVE-2012-4481
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.4%
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
Affected configurations
Node
ruby-langrubyMatch1.8.7
Related
cve
cve
prion
prion
Design/Logic Flaw
2013-05-02 14:55:00
Design/Logic Flaw
2011-03-02 20:00:00
Code injection
2013-04-25 23:55:00
veracode
veracode
Unauthorized Modification
2019-01-15 08:52:55
Arbitrary Code Execution
2019-05-02 04:45:35
Access Control Bypass
2020-04-10 00:59:04
cvelist
cvelist
ubuntucve
ubuntucve
nessus
nessus
Amazon Linux AMI : ruby (ALAS-2013-173)
2013-09-04 00:00:00
Scientific Linux Security Update : ruby on SL5.x i386/x86_64 (20130108)
2013-01-17 00:00:00
Oracle Linux 6 : ruby (ELSA-2013-0612)
2013-07-12 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2013-173)
2015-09-08 00:00:00
CentOS Update for ruby CESA-2013:0129 centos5
2013-01-21 00:00:00
CentOS Update for ruby CESA-2013:0612 centos6
2013-03-12 00:00:00
centos
centos
ruby security update
2013-01-09 20:36:59
ruby security update
2013-03-09 00:47:26
irb, ruby security update
2011-08-14 21:12:51
redhat
redhat
(RHSA-2013:0612) Moderate: ruby security update
2013-03-07 00:00:00
(RHSA-2013:0129) Moderate: ruby security and bug fix update
2013-01-08 00:00:00
(RHSA-2011:0910) Moderate: ruby security update
2011-06-28 00:00:00
amazon
amazon
Medium: ruby
2013-03-14 22:04:00
Medium: ruby
2012-10-23 10:43:00
nvd
nvd
securityvulns
securityvulns
Ruby restrictions bypass
2012-10-15 00:00:00
[USN-1603-1] Ruby vulnerabilities
2012-10-15 00:00:00
ruby multiple security vulnerabilities
2011-05-25 00:00:00
rubygems
rubygems
CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings
2011-02-17 21:00:00
Ruby name_err_mesg_to_str Method Safe Level Security Bypass
2012-10-11 20:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2012-10-10 00:00:00
Ruby vulnerabilities
2012-10-23 00:00:00
Ruby vulnerabilities
2012-09-26 00:00:00
oraclelinux
oraclelinux
ruby security and bug fix update
2013-01-11 00:00:00
ruby security update
2013-03-07 00:00:00
ruby security update
2011-06-28 00:00:00
seebug
seebug
Ruby 安全级别限制绕过漏洞(CVE-2012-4466)
2013-04-28 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: ruby-1.8.6.420-2.fc13
2011-03-02 01:46:19
[SECURITY] Fedora 16 Update: ruby-1.8.7.358-4.fc16
2012-10-14 03:52:43
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.4%
Related for NVD:CVE-2012-4481