Lucene search
RubySecRUBY:RUBY-2011-1005-70957HistoryFeb 17, 2011 - 9:00 p.m.
CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings
2011-02-1721:00:00
RubySec
rubysec.com
12
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.011 Low
EPSS
Percentile
84.3%
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through
1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify
strings via the Exception#to_s method, as demonstrated by changing
an intended pathname.
Related
nvd
nvd
openvas
openvas
Ruby '#to_s' Security Bypass Vulnerability
2011-03-09 00:00:00
Ruby '#to_s' Security Bypass Vulnerability
2011-03-09 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-139)
2015-09-08 00:00:00
cvelist
cvelist
veracode
veracode
Access Control Bypass
2020-04-10 00:59:04
Unauthorized Modification
2019-01-15 08:52:55
Arbitrary Code Execution
2019-05-02 04:45:35
cve
cve
prion
prion
Design/Logic Flaw
2011-03-02 20:00:00
Code injection
2013-04-25 23:55:00
Design/Logic Flaw
2013-05-02 14:55:00
rubygems
rubygems
Ruby name_err_mesg_to_str Method Safe Level Security Bypass
2012-10-11 20:00:00
Ruby incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
2012-10-04 20:00:00
Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass
2012-10-11 20:00:00
amazon
amazon
Medium: ruby
2012-10-23 10:43:00
Medium: ruby
2013-03-14 22:04:00
ubuntucve
ubuntucve
nessus
nessus
Amazon Linux AMI : ruby (ALAS-2012-139)
2013-09-04 00:00:00
Fedora 13 : ruby-1.8.6.420-2.fc13 (2011-1913)
2011-03-02 00:00:00
Ubuntu 12.04 LTS : ruby1.9.1 vulnerabilities (USN-1583-1)
2012-09-26 00:00:00
seebug
seebug
Ruby 安全级别限制绕过漏洞(CVE-2012-4466)
2013-04-28 00:00:00
centos
centos
ruby security update
2013-01-09 20:36:59
ruby security update
2013-03-09 00:47:26
irb, ruby security update
2011-08-14 21:12:51
redhat
redhat
(RHSA-2013:0612) Moderate: ruby security update
2013-03-07 00:00:00
(RHSA-2013:0129) Moderate: ruby security and bug fix update
2013-01-08 00:00:00
(RHSA-2011:0910) Moderate: ruby security update
2011-06-28 00:00:00
oraclelinux
oraclelinux
ruby security update
2011-06-28 00:00:00
ruby security update
2011-06-28 00:00:00
ruby security, bug fix, and enhancement update
2011-12-14 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2012-09-26 00:00:00
Ruby vulnerabilities
2012-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: ruby-1.8.6.420-2.fc13
2011-03-02 01:46:19
[SECURITY] Fedora 16 Update: ruby-1.8.7.358-4.fc16
2012-10-14 03:52:43
securityvulns
securityvulns
ruby multiple security vulnerabilities
2011-05-25 00:00:00
[ MDVSA-2011:097 ] ruby
2011-05-25 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-08-20 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.011 Low
EPSS
Percentile
84.3%
Related for RUBY:RUBY-2011-1005-70957