Description

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

Remediation

References

CVE-2011-2705

Related Vulnerabilities

WordPress Plugin Mobile Device Detection by 51Degrees Cross-Site Scripting (3.1.5.2)

WordPress 3.9.x Possible SQL Injection Vulnerability (3.9 - 3.9.20)

Java Unspesificed Vulnerability (CVE-2019-2821)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20416)

MediaWiki Session Fixation Vulnerability (CVE-2013-4572)

Severity

Medium

Classification

CVE-2011-2705 CWE-20

Tags

Missing Update Known Vulnerabilities