Description
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
Remediation
References
Related Vulnerabilities
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5)
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-40690)
Oracle Application Server CVE-2009-1010 Vulnerability (CVE-2009-1010)
WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04)