PT-2013-3523 · Ruby+1

Published: 2013-11-02 · Updated: 2018-10-30 · CVE-2013-2065

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Ruby versions 1.9 before 1.9.3 patchlevel 426
Ruby versions 2.0 before 2.0.0 patchlevel 195

Description

The issue allows context-dependent attackers to bypass intended $SAFE level restrictions due to the lack of taint checking for native functions in certain Ruby versions.

Recommendations

For Ruby versions 1.9 before 1.9.3 patchlevel 426, update to version 1.9.3 patchlevel 426 or later.
For Ruby versions 2.0 before 2.0.0 patchlevel 195, update to version 2.0.0 patchlevel 195 or later.


Related Identifiers

ALT-PU-2016-2061
CVE-2013-2065
DLA-235-1

Affected Products

Alt Linux
Ruby