(1) DL and (2) Fiddle in Ruby 1.9 prior to 1.9.3 patchlevel 426, and 2.0 prior to 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent malicious users to bypass intended $SAFE level restrictions.
| Vulnerable Product |
|---|
| opensuse opensuse 12.2 |
| opensuse opensuse 12.3 |
| ruby-lang ruby 2.0.0 |
| ruby-lang ruby 1.9.3 |
| ruby-lang ruby 1.9.1 |
| ruby-lang ruby 1.9.2 |
| ruby-lang ruby 1.9 |
| ruby-lang ruby 2.0 |