Description
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.