CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
91.7%
Nobuhiro IMAI reports:
the default value modification on
Module#public_instance_methods (from false to true) breaks
s.add_handler(XMLRPC::iPIMethods(“sample”), MyHandler.new) style
security protection.
This problem could allow a remote attacker to execute arbitrary
commands on XMLRPC server of libruby.