Lucene search
K

22 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.3 views

SUSE CVE-2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

5CVSS7AI score0.02772EPSS
Exploits2References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.4 views

SUSE CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS6.7AI score0.01941EPSS
Exploits0References7
Veracode
Veracode
added 2019/05/02 4:53 a.m.25 views

Authorization Bypass

ruby is vulnerable to authorization bypass. A remote attacker can bypass safe-level restrictions and use Exceptiontos to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified...

5CVSS6.1AI score0.02619EPSS
Exploits1References24Affected Software35
GitLab Advisory Database
GitLab Advisory Database
added 2017/10/24 12:0 a.m.24 views

Improper Input Validation

The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...

4.3CVSS4.5AI score0.06661EPSS
Exploits1References11Affected Software1
NVD
NVD
added 2013/05/02 2:55 p.m.25 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS6.5AI score0.01941EPSS
Exploits0References6
Snyk
Snyk
added 2013/05/02 2:55 p.m.2 views

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass. The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for...

5CVSS6.9AI score0.02772EPSS
Exploits2References2
Prion
Prion
added 2013/05/02 2:55 p.m.28 views

Design/Logic Flaw

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS6.4AI score0.02772EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2013/05/02 2:0 p.m.29 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

6.6AI score0.01941EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2013/03/07 6:53 p.m.4 views

ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

5CVSS7.4AI score0.02772EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/01/08 4:31 a.m.4 views

ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

5CVSS7.3AI score0.02772EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2013/01/08 12:0 a.m.6 views

PT-2013-1678 · Ruby +3 · Ruby +3

Name of the Vulnerable Software and Affected Versions: Ruby version 1.8.7 Description: The safe-level feature in Ruby allows context-dependent attackers to modify strings via the NameErrorto s method when operating on Ruby objects. Recommendations: For Ruby version 1.8.7, at the moment, there is ...

6.8CVSS6.8AI score0.34968EPSS
Exploits4References36
RubySec
RubySec
added 2012/10/12 12:0 a.m.35 views

Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS4.9AI score0.02619EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2012/10/05 12:0 a.m.48 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS5.9AI score0.01941EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2012/08/21 12:0 a.m.30 views

ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s

The official ruby site reports: Vulnerabilities found for Exceptiontos, NameErrortos, and nameerrmesgtos which is Ruby interpreter-internal API. A malicious user code can bypass $SAFE check by utilizing one of those security holes. Ruby's $SAFE mechanism enables untrusted user codes to run in $SA...

5CVSS7.1AI score0.02619EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2011/06/28 5:30 p.m.5 views

Ruby: Untrusted codes able to modify arbitrary strings

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

5CVSS7.4AI score0.02772EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2011/06/28 5:27 p.m.7 views

Ruby: Untrusted codes able to modify arbitrary strings

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

5CVSS7.4AI score0.02772EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2011/06/28 5:21 p.m.7 views

Ruby: Untrusted codes able to modify arbitrary strings

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

5CVSS7.4AI score0.02772EPSS
Exploits2References4
securityvulns
securityvulns
added 2011/05/25 12:0 a.m.61 views

ruby multiple security vulnerabilities

Crossite scripting, privilege escalation, Exceptiontos method data modification, VpMemAlloc memory corruption...

6.8CVSS2.2AI score0.03025EPSS
Exploits2References1Affected Software1
OpenVAS
OpenVAS
added 2011/03/09 12:0 a.m.35 views

Ruby '#to_s' Security Bypass Vulnerability

This host is installed with Ruby and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbrubysecbypassvulnwin.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby "tos" Security Bypass Vulnerability Authors: Madhuri D Copyright: Copyright C 2011 Greenbone Networks GmbH,...

5CVSS6.8AI score0.02772EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2011/03/09 12:0 a.m.29 views

Ruby '#to_s' Security Bypass Vulnerability (Feb 2011)

Ruby is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby"; ifdescription...

5CVSS9AI score0.02772EPSS
Exploits2References4
Rows per page
Query Builder