Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox

Overview Safe levels exist as a part of the Ruby language security model, in order to limit the operation of untrusted objects. Ruby contains a vulnerability which may allow an attacker to bypass the safe level restrictions and execute normally inaccessible methods, due to a problem in Ruby's ali...

Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.

Overview Safe level is a security model provided by Ruby language that limits the operation of untrusted objects. A vulnerability that allows an attacker to bypass the safe level restrictions and execute inaccessible methods ex. destructive methods was confirmed. Impact An attacker may be able to...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication. The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a reque...

USN-371-1: Ruby vulnerability

An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program throu...

Security Bypass Vulnerability with Ruby

The Ruby language has a security mechanism security model that can restrict operations on untrusted objects. This security model is based on mechanisms called "object taint" and "safe level." A vulnerability has been confirmed that allows arbitrary script execution by bypassing the "safe level"...

GLSA-200411-23 : Ruby: Denial of Service issue

The remote host is affected by the vulnerability described in GLSA-200411-23 Ruby: Denial of Service issue Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop. Impact : A remote attacker could trigger the vulnerability through an...

Fedora Core 2 : ruby-1.8.1-6 (2004-264)

Thu Aug 19 2004 Akira TAGOH 1.8.1-6 - security fix CVE-2004-0755 - ruby-1.8.1-cgisessionperms.patch: sets the permission of the session data file to 0600. 130063 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...

CVE-2004-0755

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...