Ruby@1.9.3 Security Vulnerabilities and Issues — Ruby@1.9.3 CVE List

Lucene search

Ruby-langRuby1.9.3

3 matches found

CVE•added 2012/11/24 8:55 p.m.•97 views

CVE-2012-4522

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

5CVSS5.3AI score0.00495EPSS

CVE•added 2012/11/28 1:3 p.m.•90 views

CVE-2012-5371

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintai...

5CVSS5.6AI score0.04089EPSS

CVE•added 2012/10/11 10:51 a.m.•40 views

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by a...

6.7CVSS6.8AI score0.00347EPSS