CVE-2013-2065

NONECVSS 0.0

0.0

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

🔗 References (14)

secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
secalert@redhathttp://www.ubuntu.com/usn/USN-2035-1
secalert@redhathttps://puppet.com/security/cve/cve-2013-2065
secalert@redhathttps://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2035-1
af854a3a-2127-422b-91ae-364da2661108https://puppet.com/security/cve/cve-2013-2065
af854a3a-2127-422b-91ae-364da2661108https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/

Is Your Infrastructure Affected by CVE-2013-2065?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-2065

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-2065?