Description
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Improper Authentication Vulnerability (CVE-2017-3167)
Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0473)
WordPress Plugin Quick Event Manager Security Bypass (9.2.16)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9933)