Unrated severity · NVD Advisory · Published Nov 2, 2013 · Updated Jun 16, 2026
CVE-2013-2065
Description
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Affected products
- cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
References
- www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/ (nvd: Exploit, Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-updates/2013-10/msg00057.html (nvd: Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html (nvd)
- www.ubuntu.com/usn/USN-2035-1 (nvd)
- puppet.com/security/cve/cve-2013-2065 (nvd)