CVE-2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
ruby-langruby
1.8.6
ruby-langruby
1.8.6-420
ruby-langruby
1.8.7
ruby-langruby
1.8.7-330
ruby-langruby
1.8.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby1.8
precise
not-affected
oneiric
not-affected
natty
Fixed 1.8.7.302-2ubuntu0.1
released
maverick
Fixed 1.8.7.299-2ubuntu0.1
released
lucid
Fixed 1.8.7.249-2ubuntu0.1
released
karmic
ignored
hardy
ignored
dapper
ignored
ruby1.9
precise
dne
oneiric
dne
natty
dne
maverick
dne
lucid
not-affected
karmic
ignored
hardy
ignored
dapper
ignored
ruby1.9.1
precise
Fixed 1.9.3.0-1ubuntu2.2
released
oneiric
not-affected
natty
not-affected
maverick
ignored
lucid
not-affected
karmic
ignored
hardy
dne
dapper
dne
Common Weakness Enumeration