Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent malicious users to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ruby-lang ruby 1.9.3 |
||
ruby-lang ruby 2.0.0 |
||
ruby-lang ruby 2.0 |
||
ruby-lang ruby 1.8.7 |