Lucene search
K

25 matches found

CVE
CVE
added 2013/11/02 7:0 p.m.100 views

CVE-2013-2065

CVE-2013-2065 is a taint-check bypass in Ruby's DL and Fiddle native extensions. The initial description notes that Ruby 1.9.x up to 1.9.3 patchlevel 426 and Ruby 2.0 up to patchlevel 195 do not taint-check native functions, allowing context-dependent attackers to bypass safe-level restrictions. ...

6.4CVSS5.5AI score0.0251EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2013/11/02 7:0 p.m.32 views

CVE-2013-2065

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

5.5AI score0.0251EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2013/11/02 12:0 a.m.27 views

CVE-2013-2065

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS7.1AI score0.0251EPSS
Exploits1References4
Amazon
Amazon
added 2013/09/26 12:0 a.m.55 views

Low: ruby19

Issue Overview: 1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. Affected Packages: ruby19 Issue Correction: Run...

6.4CVSS8.4AI score0.0251EPSS
Exploits1
RubySec
RubySec
added 2013/05/14 12:0 a.m.30 views

CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS5.7AI score0.0251EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder