CVE-2012-4464

Published: 28 Sep 2012
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

Report

Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6 as they did not provide version 1.9.x, which is the vulnerable version of ruby.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | ruby | Not affected | | |
| Red Hat Enterprise Linux 6 | ruby | Not affected | | |
| RHEL 6 Version of OpenShift Enterprise | graphviz | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-console | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-broker | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-broker-util | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-cron-1.4 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-diy-0.1 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-haproxy-1.4 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-jbosseap-6.0 | Fixed | RHSA-2013:0582 | 28.02.2013 |

Additional information

Status: Low
Defect: CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=862598 - 1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics

EPSS

Percentile: 66%
0.00513
Low

4.3 Medium

CVSS2

Related vulnerabilities

ubuntu
almost 13 years ago

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

nvd
almost 13 years ago

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

debian
almost 13 years ago

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows ...

github
more than 3 years ago

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
