(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Opensuse | Opensuse | 12.2 (including) | 12.2 (including) |
Opensuse | Opensuse | 12.3 (including) | 12.3 (including) |
Ruby1.8 | Ubuntu | lucid | * |
Ruby1.9.1 | Ubuntu | lucid | * |
Ruby1.9.1 | Ubuntu | precise | * |
Ruby1.9.1 | Ubuntu | quantal | * |
Ruby1.9.1 | Ubuntu | raring | * |
Ruby1.9.1 | Ubuntu | saucy | * |
Ruby1.9.1 | Ubuntu | upstream | * |
Ruby2.0 | Ubuntu | upstream | * |