Ruby@1.8.7 Security Vulnerabilities and Issues — Ruby@1.8.7 CVE List

Lucene search

Ruby-langRuby1.8.7

3 matches found

CVE•added 2013/08/18 2:52 a.m.•138 views

CVE-2013-4073

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-t...

6.8CVSS6.1AI score0.02394EPSS

CVE•added 2013/04/25 11:55 p.m.•80 views

CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability tha...

5CVSS5.8AI score0.04511EPSS

CVE•added 2013/05/02 2:55 p.m.•65 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.

4.3CVSS5.7AI score0.04511EPSS