Description
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Remediation
References