CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 89.3%
Ruby home page reports:
The Object Oriented Scripting Language Ruby supports
safely executing untrusted code with two mechanisms:
safe level and taint flag on objects.
A vulnerability has been found that allows bypassing
these mechanisms.
By using the vulnerability, arbitrary code can be executed
beyond the restrictions specified in each safe level.
Therefore, Ruby has to be updated on all systems that use
safe level to execute untrusted code.