Sha256: e4cc0e2602b9a4ae8e361c5488bb5a69d17ec896f58c06fae992d4ca96b8b240

Contents?: true

Size: 496 Bytes

Versions: 6

Compression:

Stored size: 496 Bytes

Contents

---
engine: ruby
cve: 2012-4481
url: http://www.openwall.com/lists/oss-security/2012/10/05/2
title: |
  Ruby incomplete fix for CVE-2011-1005 for NameError#to_s method when used on
  objects
date: 2012-10-05
description: |
  The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to
  modify strings via the NameError#to_s method when operating on Ruby objects.
  NOTE: this issue is due to an incomplete fix for CVE-2011-1005. 
cvss_v2: 4.3
patched_versions:
  - ">= 1.8.7.371"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml