CVE-2012-4481 — Ruby vulnerability

7 documents6 sources
Severity
4.3MEDIUMNVD
CNA5.0
EPSS
0.5%
top 34.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ruby-lang Ruby
Timeline
PublishedMay 2
Latest updateMay 17

Description

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDruby-lang/ruby1.8.7

🔴Vulnerability Details

2
GHSA
GHSA-gh65-6rxj-m8cc: The safe-level feature in Ruby 1↗2022-05-17
â–¶
CVEList
CVE-2012-4481: The safe-level feature in Ruby 1↗2013-05-02
â–¶

📋Vendor Advisories

3
Ubuntu
Ruby vulnerabilities↗2012-10-23
â–¶
Ubuntu
Ruby vulnerabilities↗2012-10-10
â–¶
Red Hat
ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects↗2012-10-05
â–¶

💬Community

1
Bugzilla
CVE-2012-4481 ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects↗2012-10-05
â–¶
CVE-2012-4481 — Ruby-lang Ruby vulnerability | cvebase