Ruby 1.8.7 patchlevel 371之前版本，1.9.3patchlevel 286之前版本及Ruby 2.0 revision r37068之前版本存在安全漏洞，允许攻击者利用漏洞绕过安全级别限制，修改未污染字符串，如通过name_err_mesg_to_str函数把字符串标记为污染。此漏洞不同于CVE-2011-1005
0
Ruby 1.8.7
Ruby 1.9.3
Ruby 2.0
厂商解决方案

用户可联系厂商获得相应的升级程序或补丁：
http://www.ruby-lang.org

prion 4

nessus 46

openvas 65

cve 4

ubuntucve 4

amazon 2

rubygems 4

fedora 9

veracode 4

ubuntu 6

freebsd 1

securityvulns 5

redhat 6

oraclelinux 4

centos 4

gentoo 1

prion

Code injection

2013-04-25 23:55:00

Design/Logic Flaw

2013-04-25 23:55:00

Design/Logic Flaw

2011-03-02 20:00:00

nessus

Amazon Linux AMI : ruby (ALAS-2012-139)

2013-09-04 00:00:00

Fedora 16 : ruby-1.8.7.358-4.fc16 (2012-15507)

2012-10-15 00:00:00

Ubuntu 12.04 LTS : ruby1.9.1 vulnerabilities (USN-1602-1)

2012-10-11 00:00:00

openvas

Amazon Linux: Security Advisory (ALAS-2012-139)

2015-09-08 00:00:00

Fedora Update for ruby FEDORA-2012-15507

2012-10-16 00:00:00

Fedora Update for ruby FEDORA-2012-15507

2012-10-16 00:00:00

cve

CVE-2012-4466

2013-04-25 23:55:00

CVE-2012-4464

2013-04-25 23:55:00

CVE-2011-1005

2011-03-02 20:00:00

ubuntucve

CVE-2012-4466

2012-10-03 00:00:00

CVE-2012-4464

2012-10-03 00:00:00

CVE-2012-4481

2012-10-05 00:00:00

amazon

Medium: ruby

2012-10-23 10:43:00

Medium: ruby

2013-03-14 22:04:00

rubygems

Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass

2012-10-11 20:00:00

CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings

2011-02-17 21:00:00

Ruby incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects

2012-10-04 20:00:00

fedora

[SECURITY] Fedora 16 Update: ruby-1.8.7.358-4.fc16

2012-10-14 03:52:43

[SECURITY] Fedora 18 Update: ruby-1.9.3.194-18.fc18

2012-10-09 00:29:34

[SECURITY] Fedora 17 Update: ruby-1.9.3.194-17.fc17

2012-10-14 03:50:48

veracode

Authorization Bypass

2019-05-02 04:53:43

Access Control Bypass

2020-04-10 00:59:04

Unauthorized Modification

2019-01-15 08:52:55

ubuntu

Ruby vulnerabilities

2012-10-23 00:00:00

Ruby vulnerabilities

2012-10-10 00:00:00

Ruby vulnerabilities

2012-10-10 00:00:00

freebsd

ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s

2012-08-21 00:00:00

securityvulns

Ruby restrictions bypass

2012-10-15 00:00:00

[USN-1603-1] Ruby vulnerabilities

2012-10-15 00:00:00

ruby multiple security vulnerabilities

2011-05-25 00:00:00

redhat

(RHSA-2013:0129) Moderate: ruby security and bug fix update

2013-01-08 00:00:00

(RHSA-2013:0612) Moderate: ruby security update

2013-03-07 00:00:00

(RHSA-2011:0910) Moderate: ruby security update

2011-06-28 00:00:00

oraclelinux

ruby security update

2011-06-28 00:00:00

ruby security update

2011-06-28 00:00:00

ruby security, bug fix, and enhancement update

2011-12-14 00:00:00

centos

ruby security update

2013-01-09 20:36:59

ruby security update

2013-03-09 00:47:26

irb, ruby security update

2011-08-14 21:12:51

gentoo

Ruby: Denial of service

2014-12-13 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.011 Low

EPSS

Percentile

82.6%

JSON

Related for SSV:60778