CVE-2013-2065

Opensuse - Access Control

Title source: rule
STIX 2.1

Description

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

References (7)

Core 7
Core References
Various Sources x_refsource_confirm
https://puppet.com/security/cve/cve-2013-2065
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2035-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
Vendor Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html

Scores

EPSS 0.0251
EPSS Percentile 83.0%

Details

CWE
CWE-264
Status published
Products (8)
opensuse/opensuse 12.2
opensuse/opensuse 12.3
ruby-lang/ruby 1.9
ruby-lang/ruby 1.9.1
ruby-lang/ruby 1.9.2
ruby-lang/ruby 1.9.3 (8 CPE variants)
ruby-lang/ruby 2.0
ruby-lang/ruby 2.0.0 (6 CPE variants)
Published Nov 02, 2013
Tracked Since Feb 18, 2026