CVE-2012-4522

Published: 12 Oct 2012
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Report

This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 6.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ruby | Not affected | | |
| Red Hat Enterprise Linux 5 | ruby | Fixed | RHSA-2013:0129 | 08.01.2013 |
| RHEL 6 Version of OpenShift Enterprise | graphviz | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-console | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-broker | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-broker-util | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-cron-1.4 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-diy-0.1 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-haproxy-1.4 | Fixed | RHSA-2013:0582 | 28.02.2013 |
| RHEL 6 Version of OpenShift Enterprise | openshift-origin-cartridge-jbosseap-6.0 | Fixed | RHSA-2013:0582 | 28.02.2013 |

Additional information

Status: Moderate
Defect: CWE-626
https://bugzilla.redhat.com/show_bug.cgi?id=865940 ruby: unintentional file creation caused by inserting an illegal NUL character

EPSS: 0.00565 (percentile: 68%, Low)

CVSS2: 4.3 Medium

Related vulnerabilities

ubuntu
more than 12 years ago

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

nvd
more than 12 years ago

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

debian
more than 12 years ago

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlev ...

github
more than 3 years ago

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

oracle-oval
more than 12 years ago

ELSA-2013-0129: ruby security and bug fix update (MODERATE)
