Description
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
Remediation
References