CVE-2013-2065

Public on 2013-09-26

Modified on 2014-09-16

Description

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

Severity

Low

See what this means

CVSS v3 Base Score

2.6

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	ruby19	2013-09-26 22:21	ALAS-2013-229

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	2.6	AV:N/AC:H/Au:N/C:N/I:P/A:N
NVD	CVSSv2	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:N

References

Red Hat: CVE-2013-2065 Mitre: CVE-2013-2065 FAQs regarding Amazon Linux ALAS/CVE Severity