Sha256: ded86c67ba9825d08d38d0b27779cdb1b713def9bcde9ccb34706009ac0d64ee

Contents?: true

Size: 668 Bytes

Versions: 6

Compression:

Stored size: 668 Bytes

Contents

---
engine: ruby
cve: 2012-4464
url: https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
title: Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass
date: 2012-10-12
description: |
  Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows
  context-dependent attackers to bypass safe-level restrictions and modify
  untainted strings via the (1) exc_to_s or (2) name_err_to_s API function,
  which marks the string as tainted, a different vulnerability than
  CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005
  regression.
cvss_v2: 5.0
patched_versions:
  - ~> 1.8.7.371
  - ">= 1.9.3.286"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml
bundler-budit-0.6.2    data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml
bundler-budit-0.6.1    data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml
bundler-audit-0.6.1    data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml
bundler-audit-0.6.0    data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml
bundler-audit-0.5.0    data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml