Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2013-2065

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

  • Published: Nov 2, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-2065
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

Software From Fixed in
opensuse / opensuse 12.3 12.3.x
opensuse / opensuse 12.2 12.2.x
ruby-lang / ruby 2.0.0 2.0.0.x
ruby-lang / ruby 1.9.3-p286 1.9.3-p286.x
ruby-lang / ruby 1.9.3-p385 1.9.3-p385.x
ruby-lang / ruby 1.9.3-p383 1.9.3-p383.x
ruby-lang / ruby 2.0 2.0.x
ruby-lang / ruby 2.0.0-preview1 2.0.0-preview1.x
ruby-lang / ruby 1.9.2 1.9.2.x
ruby-lang / ruby 1.9.1 1.9.1.x
ruby-lang / ruby 2.0.0-p0 2.0.0-p0.x
ruby-lang / ruby 1.9.3-p125 1.9.3-p125.x
ruby-lang / ruby 2.0.0-rc1 2.0.0-rc1.x
ruby-lang / ruby 2.0.0-preview2 2.0.0-preview2.x
ruby-lang / ruby 1.9.3-p194 1.9.3-p194.x
ruby-lang / ruby 1.9.3 1.9.3.x
ruby-lang / ruby 1.9 1.9.x
ruby-lang / ruby 1.9.3-p392 1.9.3-p392.x
ruby-lang / ruby 2.0.0-rc2 2.0.0-rc2.x
ruby-lang / ruby 1.9.3-p0 1.9.3-p0.x