Описание
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| lucid | ignored | end of life |
| precise | not-affected | |
| quantal | not-affected | |
| raring | not-affected | |
| saucy | not-affected | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.9.3.448-1ubuntu1 |
| lucid | ignored | end of life |
| precise | released | 1.9.3.0-1ubuntu2.8 |
| quantal | released | 1.9.3.194-1ubuntu1.6 |
| raring | released | 1.9.3.194-8.1ubuntu1.2 |
| saucy | released | 1.9.3.194-8.1ubuntu2.1 |
| upstream | released | 1.9.3.426 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.0.0.343-1 |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | not-affected | 2.0.0.299-2 |
| upstream | released | 2.0.0.195 |
Показывать по
6.4 Medium
CVSS2
Связанные уязвимости
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 ...
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
6.4 Medium
CVSS2