Contents

---
engine: ruby
cve: 2008-3655
url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
title: Ruby multiple insufficient safe mode restrictions
date: 2008-08-08
description: |
  Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71,
  and 1.9 through r18423 does not properly restrict access to critical
  variables and methods at various safe levels, which allows context-dependent
  attackers to bypass intended access restrictions via (1) untrace_var, (2)
  $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at
  safe levels 1 through 3.
cvss_v2: 7.5
patched_versions:
  - ~> 1.8.6.287
  - ~> 1.8.7.72
  - ">= 1.9.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/rubies/ruby/CVE-2008-3655.yml
bundler-budit-0.6.2	data/ruby-advisory-db/rubies/ruby/CVE-2008-3655.yml
bundler-budit-0.6.1	data/ruby-advisory-db/rubies/ruby/CVE-2008-3655.yml
bundler-audit-0.6.1	data/ruby-advisory-db/rubies/ruby/CVE-2008-3655.yml
bundler-audit-0.6.0	data/ruby-advisory-db/rubies/ruby/CVE-2008-3655.yml
bundler-audit-0.5.0	data/ruby-advisory-db/rubies/ruby/CVE-2008-3655.yml