25 matches found
CVE-2013-2065
CVE-2013-2065 is a taint-check bypass in Ruby's DL and Fiddle native extensions. The initial description notes that Ruby 1.9.x up to 1.9.3 patchlevel 426 and Ruby 2.0 up to patchlevel 195 do not taint-check native functions, allowing context-dependent attackers to bypass safe-level restrictions. ...
CVE-2013-2065
1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...
CVE-2013-2065
1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...
Low: ruby19
Issue Overview: 1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. Affected Packages: ruby19 Issue Correction: Run...
CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle
1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...