CVE-2012-4481

Published: May 2, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2013:0612

vendor-advisory

x_refsource_REDHAT

[oss-security] 20121005 Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects

mailing-list

x_refsource_MLIST

MDVSA-2013:124

vendor-advisory

x_refsource_MANDRIVA

RHSA-2013:0129

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=863484

x_refsource_CONFIRM

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-4481

Description

Affected Products

References