CVE-2013-2065

critical

Description

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

References

https://puppet.com/security/cve/cve-2013-2065

http://www.ubuntu.com/usn/USN-2035-1

http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html

Details

Source: Mitre, NVD

Published: 2013-11-02

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.0035

Detections

Analytics