[USN-1733-1] Ruby vulnerabilities

Several security issues were fixed in Ruby.

Jean-Philippe Aumasson discovered that Ruby incorrectly generated
predictable hash values. An attacker could use this issue to generate hash
collisions and cause a denial of service. (CVE-2012-5371)

Evgeny Ermakov discovered that documentation generated by rdoc is
vulnerable to a cross-site scripting issue. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2013-0256)

Thomas Hollstegge and Ben Murphy discovered that the JSON implementation
in Ruby incorrectly handled certain crafted documents. An attacker could
use this issue to cause a denial of service or bypass certain protection
mechanisms. (CVE-2013-0269)

- ID: USN-1733-1
- Severity: high
- Severity from: CVE-2013-0269
- URL: https://ubuntu.com/security/notices/USN-1733-1
- Published: 2013-02-21T13:56:40
- Modified: 2013-02-21T13:56:40
- Other Advisories:
- FEDORA-2012-17949
- FEDORA-2012-18017
- FEDORA-2013-12062
- FEDORA-2013-2131
- FEDORA-2013-2143
- FEDORA-2013-3038
- FEDORA-2013-3050
- FEDORA-2013-3052
- FEDORA-2013-8411
- FREEBSD:5E647CA3-2AEA-11E2-B745-001FD0AF1A4C
- FREEBSD:C79EB109-A754-45D7-B552-A42099EB2265
- FREEBSD:D3E96508-056B-4259-88AD-50DC8D1978A6
- GLSA-201412-27
- RUBYSEC:JSON-2013-0269
- RUBYSEC:JSON-2020-10663
- RUBYSEC:RDOC-2013-0256
- SSA:2012-341-04
- SSA:2013-075-01