Description
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
Remediation
References