← Back

CVE-2013-2065

nvd nist
Published: Nov 2, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 10.0 / Impact: 4.9
Source: NVD

Description

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

Affected (20)

Opensuse
1 product
Opensuse
Ruby Lang
1 product
Ruby
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 12.2
Opensuse
Version 12.3
Configuration B
18 vulnerable
Vulnerable SoftwareAffected Versions
Ruby Lang
Ruby
Version 1.9.1
Ruby
Version 1.9.2
Ruby
Version 1.9.3
Ruby
Version 1.9.3 p0
Ruby
Version 1.9.3 p125
Ruby
Version 1.9.3 p194
Ruby
Version 1.9.3 p286
Ruby
Version 1.9.3 p383
Ruby
Version 1.9.3 p385
Ruby
Version 1.9.3 p392
Ruby
Version 1.9
Ruby
Version 2.0.0
Ruby
Version 2.0.0 p0
Ruby
Version 2.0.0 preview1
Ruby
Version 2.0.0 preview2
Ruby
Version 2.0.0 rc1
Ruby
Version 2.0.0 rc2
Ruby
Version 2.0

Related CWEs

CWE-264
CWE-264

References (14)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory

Timeline

No history available yet.