Description

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

Remediation

References

CVE-2013-2065

Related Vulnerabilities

PHP Other Vulnerability (CVE-2005-3054)

PHP Other Vulnerability (CVE-2007-1582)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0616)

WebLogic CVE-2017-3248 Vulnerability (CVE-2017-3248)

WebLogic CVE-2020-14625 Vulnerability (CVE-2020-14625)

Severity

Medium

Classification

CVE-2013-2065 CWE-264

Tags

Missing Update Known Vulnerabilities