Description

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

Remediation

References

CVE-2013-2065

Related Vulnerabilities

Cherokee Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20798)

WordPress Plugin Dropdown Menu Widget Cross-Site Request Forgery (1.9.1)

WordPress Plugin FireStats Arbitrary File Download (1.6.5)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-1238)

Severity

Medium

Classification

CVE-2013-2065 CWE-264

Tags

Missing Update Known Vulnerabilities