CVE-2008-3655
Ruby <1.9 - Info Disclosure
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 do not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Keita Yamaguchi · rubyremotemultiple
https://www.exploit-db.com/exploits/32224
References (32)
... and 12 more
Scores
EPSS: 0.2973
EPSS Percentile: 96.6%
Details
CWE: CWE-264
Status: published
Products (11)
ruby-lang/ruby 1.6.8
ruby-lang/ruby 1.8.0
ruby-lang/ruby 1.8.1 (2 CPE variants)
ruby-lang/ruby 1.8.2 (4 CPE variants)
ruby-lang/ruby 1.8.3 (4 CPE variants)
ruby-lang/ruby 1.8.4 (4 CPE variants)
ruby-lang/ruby 1.8.5 p11 (11 CPE variants)
ruby-lang/ruby 1.8.6 (10 CPE variants)
ruby-lang/ruby 1.8.7 (8 CPE variants)
ruby-lang/ruby 1.9.0
... and 1 more
Published: Aug 13, 2008
Tracked Since: Feb 18, 2026