GCVE - cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*

part: a version: 1.8.7-330 update: *

Vendor	Ruby Lang (`5813a634-c286-5f1d-90d5-a1a352f78d39`)
Product	Ruby (`48f7c14c-c576-5b15-be87-22eeb9add91e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/ruby/ruby`	purl2cpe	2026-06-01 10:11:45.524590
`pkg:ruby-lang/ruby`	purl2cpe	2026-06-01 10:11:45.524591

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2705`	vulnerable	2026-06-03 14:31:09.958395	Details available The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. Published: 2011-08-05T21:00:00.000Z Updated: 2024-08-06T23:08:23.972Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2011/07/12/14 http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/ https://bugzilla.redhat.com/show_bug.cgi?id=722415 http://www.openwall.com/lists/oss-security/2011/07/20/16 http://www.redhat.com/support/errata/RHSA-2011-1581.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2686`	vulnerable	2026-06-03 14:31:09.824450	Details available Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development. Published: 2011-08-05T21:00:00.000Z Updated: 2024-08-06T23:08:23.714Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2011/07/12/14 http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/ https://bugzilla.redhat.com/show_bug.cgi?id=722415 http://www.openwall.com/lists/oss-security/2011/07/20/16 http://redmine.ruby-lang.org/issues/show/4338	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1005`	vulnerable	2026-06-03 14:30:52.618015	Details available The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. Published: 2011-03-02T19:00:00.000Z Updated: 2024-08-06T22:14:26.987Z Open on db.gcve.eu Reference links http://www.redhat.com/support/errata/RHSA-2011-0910.html http://www.openwall.com/lists/oss-security/2011/02/21/5 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.vupen.com/english/advisories/2011/0539 http://www.redhat.com/support/errata/RHSA-2011-0909.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.