Ruby@1.8.7-330 Security Vulnerabilities and Issues — Ruby@1.8.7-330 CVE List

Lucene search

Ruby-langRuby1.8.7-330

3 matches found

CVE•added 2011/08/05 9:55 p.m.•83 views

CVE-2011-2705

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an ea...

5CVSS5.4AI score0.01202EPSS

CVE•added 2011/03/02 8:0 p.m.•64 views

CVE-2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.

5CVSS6.3AI score0.04511EPSS

CVE•added 2011/08/05 9:55 p.m.•51 views

CVE-2011-2686

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue ...

5CVSS6.2AI score0.01802EPSS