Ruby@1.8.7-334 Security Vulnerabilities and Issues — Ruby@1.8.7-334 CVE List

Ruby-langRuby1.8.7-334

2 matches found

CVE•added 2011/08/05 9:0 p.m.•105 views

CVE-2011-2705

CVE-2011-2705 affects Ruby’s SecureRandom.init in lib/securerandom.rb. The vulnerability arises because SecureRandom.random_bytes relies on PID values for initialization in Ruby versions prior to 1.8.7-p352 and 1.9.x prior to 1.9.2-p290, enabling context-dependent attackers to predict the generat...

5CVSS5.4AI score0.00989EPSS

CVE•added 2011/08/05 9:0 p.m.•72 views

CVE-2011-2686

CVE-2011-2686 affects Ruby (MRI) older than 1.8.7-p352; it arises from a regression in 1.8.6 where the random seed is not reset on fork, allowing context-dependent attackers to predict random numbers from a child process. The issue is fixed in Ruby 1.8.7-p352 and later. No exploitation details ar...

5CVSS6.2AI score0.0059EPSS