Description
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Smart Coupons Security Bypass (4.6.0)
PHP Improper Input Validation Vulnerability (CVE-2008-3660)
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-28783)
WordPress Plugin WordPress Popular Posts TimThumb Arbitrary File Upload (2.1.4)
WordPress Plugin WP DS FAQ Plus Cross-Site Scripting (1.4.1)