Description

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

Remediation

References

CVE-2012-4466

Related Vulnerabilities

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38845)

SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1290)

Apache Traffic Server Improper Authentication Vulnerability (CVE-2021-44759)

WordPress Plugin Fotobook Cross-Site Scripting (3.2.3)

phpMyAdmin Other Vulnerability (CVE-2006-1678)

Severity

Medium

Classification

CVE-2012-4466 CWE-264

Tags

Missing Update Known Vulnerabilities