Lucene search
GoogleOSV:DLA-172-1HistoryMar 14, 2015 - 12:00 a.m.
libextlib-ruby - security update
2015-03-1400:00:00
Google
osv.dev
6
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Import patches 633974b2759d9b92 and 4540e7102b803624 from uptream to
remove symbol and YAML coercion from the XML parser.
For Debian 6 Squeeze, these issues have been fixed in libextlib-ruby version 0.9.13-2+deb6u1
| CPE | Name | Operator | Version |
|---|---|---|---|
| libextlib-ruby | eq | 0.9.13-2 |
References
Related
ubuntucve
ubuntucve
CVE-2013-1802
2013-04-09 00:00:00
suse
suse
Security update for rubygem-extlib (important)
2013-04-03 20:10:37
debiancve
debiancve
CVE-2013-1802
2013-04-09 20:55:00
prion
prion
Type confusion
2013-04-09 20:55:00
osv
osv
extlib does not properly restrict casts of string values
2017-10-24 18:33:37
cve
cve
CVE-2013-1802
2013-04-09 20:55:00
github
github
extlib does not properly restrict casts of string values
2017-10-24 18:33:37
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for OSV:DLA-172-1