---
engine: ruby
cve: 2013-2065
osvdb: 93414
url: http://www.osvdb.org/show/osvdb/93414
title: |
  Ruby Multiple Module Object $SAFE Level Verification System Call Tainted
  String Injection
date: 2013-05-14
description: |
  Ruby contains a flaw that is triggered when the Fiddle and DL modules fail to
  properly verify the $SAFE level when handling certain objects. This may allow
  a remote attacker to inject tainted strings into a system call.
cvss_v2: 6.4
unaffected_versions:
  - ~> 1.8.0
patched_versions:
  - ~> 1.9.3.426
  - ">= 2.0.0.195"