CVE-2013-2065
02.11.2013, 19:55
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 12.2 |
| opensuse | opensuse | 12.3 |
| ruby-lang | ruby | 1.9 |
| ruby-lang | ruby | 1.9.1 |
| ruby-lang | ruby | 1.9.2 |
| ruby-lang | ruby | 1.9.3 |
| ruby-lang | ruby | 1.9.3:p0 |
| ruby-lang | ruby | 1.9.3:p125 |
| ruby-lang | ruby | 1.9.3:p194 |
| ruby-lang | ruby | 1.9.3:p286 |
| ruby-lang | ruby | 1.9.3:p383 |
| ruby-lang | ruby | 1.9.3:p385 |
| ruby-lang | ruby | 1.9.3:p392 |
| ruby-lang | ruby | 2.0 |
| ruby-lang | ruby | 2.0.0 |
| ruby-lang | ruby | 2.0.0:p0 |
| ruby-lang | ruby | 2.0.0:preview1 |
| ruby-lang | ruby | 2.0.0:preview2 |
| ruby-lang | ruby | 2.0.0:rc1 |
| ruby-lang | ruby | 2.0.0:rc2 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ruby1.8 |
| ||||||||||
| ruby1.9.1 |
| ||||||||||
| ruby2.0 |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| ruby19 |
| ||
| ruby19-debuginfo |
| ||
| ruby19-devel |
| ||
| ruby19-doc |
| ||
| ruby19-irb |
| ||
| ruby19-libs |
| ||
| rubygem19-bigdecimal |
| ||
| rubygem19-io-console |
| ||
| rubygem19-json |
| ||
| rubygem19-minitest |
| ||
| rubygem19-rake |
| ||
| rubygem19-rdoc |
| ||
| rubygems19 |
| ||
| rubygems19-devel |
|
Common Weakness Enumeration
References