18 matches found

Hacker One
added 2018/12/08 3:22 p.m., 8 views

Ruby: The taint flag is not propagated at JSON.parse

Vulnerability description not provided...

7.1 AI score
Exploits: 0

OpenVAS
added 2011/08/03 12:0 a.m., 27 views

Debian Security Advisory DSA 2265-1 (perl)

The remote host is missing an update to perl announced via advisory DSA 2265-1. OpenVAS Vulnerability Test $Id: deb22651.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2265-1 perl Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

5 CVSS, 0.1 AI score, 0.04202 EPSS
Exploits: 1

OpenVAS
added 2008/09/04 12:0 a.m., 21 views

FreeBSD Ports: ruby, ruby_static

The remote host is missing an update to the system as announced in the referenced advisory. VID 1daea60a-4719-11da-b5c6-0004614cc33d OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

7.5 CVSS, 6.3 AI score, 0.14418 EPSS
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 27 views

Debian Security Advisory DSA 862-1 (ruby1.8)

The remote host is missing an update to ruby1.8 announced via advisory DSA 862-1. OpenVAS Vulnerability Test $Id: deb8621.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 862-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.5 CVSS, 0.7 AI score, 0.14418 EPSS
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 18 views

Debian: Security Advisory (DSA-860-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.7 AI score, 0.14418 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2006/01/15 12:0 a.m., 27 views

Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)

The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploite...

7.5 CVSS, 5.7 AI score, 0.14418 EPSS
Exploits: 0, References: 1

OSV
added 2005/12/11 2:3 a.m., 1 views

DEBIAN-CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

4.6 CVSS, 7.1 AI score, 0.00826 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2005/11/02 12:0 a.m., 29 views

Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The updated packages have been patched to address this issue...

7.5 CVSS, 5.2 AI score, 0.14418 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2005/10/19 12:0 a.m., 30 views

Debian DSA-864-1 : ruby1.8 - programming error

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...

7.5 CVSS, 5.3 AI score, 0.14418 EPSS
Exploits: 0, References: 3

OSV
added 2005/10/13 12:0 a.m., 13 views

DSA-864-1 ruby1.8 - programming error

Bulletin has no description...

7.5 CVSS, 6.3 AI score, 0.14418 EPSS
Exploits: 0

Debian
added 2005/10/11 7:1 a.m., 29 views

[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass

Debian Security Advisory DSA 862-1 [email protected] http://www.debian.org/security/ Martin Schulze October 11th, 2005 http://www.debian.org/security/faq...

7.5 CVSS, 0.1 AI score, 0.14418 EPSS
Exploits: 0

Tenable Nessus
added 2005/10/11 12:0 a.m., 24 views

Debian DSA-862-1 : ruby1.6 - programming error

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...

7.5 CVSS, 5.3 AI score, 0.14418 EPSS
Exploits: 0, References: 3

OSV
added 2005/10/11 12:0 a.m., 16 views

DSA-860-1 ruby - programming error

Bulletin has no description...

7.5 CVSS, 6.3 AI score, 0.14418 EPSS
Exploits: 0

Tenable Nessus
added 2005/10/11 12:0 a.m., 30 views

Debian DSA-860-1 : ruby - programming error

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...

7.5 CVSS, 5.3 AI score, 0.14418 EPSS
Exploits: 0, References: 3

Snyk
added 2005/10/07 11:2 p.m., 1 views

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program throu...

7.5 CVSS, 7.5 AI score, 0.14418 EPSS
Exploits: 0, References: 2

NVD
added 2005/10/07 11:2 p.m., 15 views

CVE-2005-2337

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin)...

7.5 CVSS, 6.5 AI score, 0.14418 EPSS
Exploits: 0, References: 28

Cvelist
added 2005/10/07 4:0 a.m., 21 views

CVE-2005-2337

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin)...

6.5 AI score, 0.14418 EPSS
Exploits: 0, References: 28

CVE
added 2005/10/07 4:0 a.m., 126 views

CVE-2005-2337

CVE-2005-2337 affects Ruby 1.6.x (up to 1.6.8), 1.8.x (up to 1.8.2), and 1.9.0 development up to 2005-09-01. The issue allows bypassing safe level and taint protections to execute disallowed code when code is read from standard input, enabling potential arbitrary code execution. Root cause: bypas...

7.5 CVSS, 6.5 AI score, 0.14418 EPSS
Exploits: 0, References: 28, Affected Software: 1