Description

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

Remediation

References

CVE-2012-4466

Related Vulnerabilities

WordPress Plugin Royal PrettyPhoto Cross-Site Scripting (1.2)

MySQL CVE-2022-21284 Vulnerability (CVE-2022-21284)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5577)

Ruby on Rails CVE-2013-0277 Vulnerability (CVE-2013-0277)

WordPress Plugin WP Symposium Multiple SQL Injection Vulnerabilities (12.09)

Severity

Medium

Classification

CVE-2012-4466 CWE-264

Tags

Missing Update Known Vulnerabilities