Sha256: 2a12e64490651de7be77c9a482f5d879c822c58543b524ec33726f54dde9384f

Contents?: true

Size: 604 Bytes

Versions: 6

Compression:

Stored size: 604 Bytes

Contents

---
engine: ruby
cve: 2012-4466
url: https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
title: Ruby name_err_mesg_to_str Method Safe Level Security Bypass
date: 2012-10-12
description: |
  Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before
  revision r37068 allows context-dependent attackers to bypass safe-level
  restrictions and modify untainted strings via the name_err_mesg_to_str API
  function, which marks the string as tainted, a different vulnerability than
  CVE-2011-1005. 
cvss_v2: 5.0
patched_versions:
  - ~> 1.8.7.371
  - ">= 1.9.3.286"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml
bundler-budit-0.6.2    data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml
bundler-budit-0.6.1    data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml
bundler-audit-0.6.1    data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml
bundler-audit-0.6.0    data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml
bundler-audit-0.5.0    data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml