CVE-2013-2065

2013-11-0200:00:00

ubuntu.com

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

75.1%

JSON

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0
before 2.0.0 patchlevel 195, do not perform taint checking for native
functions, which allows context-dependent attackers to bypass intended
$SAFE level restrictions.

Notes

Author	Note
mdeslaur	only affects 1.9+

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchruby1.9.1< 1.9.3.0-1ubuntu2.8UNKNOWN
ubuntu12.10noarchruby1.9.1< 1.9.3.194-1ubuntu1.6UNKNOWN
ubuntu13.04noarchruby1.9.1< 1.9.3.194-8.1ubuntu1.2UNKNOWN
ubuntu13.10noarchruby1.9.1< 1.9.3.194-8.1ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	ruby1.9.1	< 1.9.3.0-1ubuntu2.8	UNKNOWN
ubuntu	12.10	noarch	ruby1.9.1	< 1.9.3.194-1ubuntu1.6	UNKNOWN
ubuntu	13.04	noarch	ruby1.9.1	< 1.9.3.194-8.1ubuntu1.2	UNKNOWN
ubuntu	13.10	noarch	ruby1.9.1	< 1.9.3.194-8.1ubuntu2.1	UNKNOWN