7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
90.0%
Ruby is an interpreted scripting language for object-oriented programming.
A bug was found in the way ruby handles eval statements. It is possible for
a malicious script to call eval in such a way that can allow the bypass of
certain safe-level restrictions. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-2337 to this issue.
Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | ruby-tcltk | < 1.8.1-7.EL4.2 | ruby-tcltk-1.8.1-7.EL4.2.ppc.rpm |
RedHat | any | s390 | ruby-tcltk | < 1.8.1-7.EL4.2 | ruby-tcltk-1.8.1-7.EL4.2.s390.rpm |
RedHat | any | s390 | irb | < 1.8.1-7.EL4.2 | irb-1.8.1-7.EL4.2.s390.rpm |
RedHat | any | x86_64 | ruby | < 1.6.8-9.EL3.4 | ruby-1.6.8-9.EL3.4.x86_64.rpm |
RedHat | any | ppc | irb | < 1.6.8-9.EL3.4 | irb-1.6.8-9.EL3.4.ppc.rpm |
RedHat | any | s390x | ruby | < 1.6.8-9.EL3.4 | ruby-1.6.8-9.EL3.4.s390x.rpm |
RedHat | any | s390x | ruby-docs | < 1.6.8-9.EL3.4 | ruby-docs-1.6.8-9.EL3.4.s390x.rpm |
RedHat | any | x86_64 | ruby-devel | < 1.8.1-7.EL4.2 | ruby-devel-1.8.1-7.EL4.2.x86_64.rpm |
RedHat | any | ppc | ruby-mode | < 1.6.8-9.EL3.4 | ruby-mode-1.6.8-9.EL3.4.ppc.rpm |
RedHat | any | ia64 | ruby-docs | < 1.6.8-9.EL3.4 | ruby-docs-1.6.8-9.EL3.4.ia64.rpm |