CVE-2012-4466 (retired)

Priority
Description
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0
before revision r37068 allows context-dependent attackers to bypass
safe-level restrictions and modify untainted strings via the
name_err_mesg_to_str API function, which marks the string as tainted, a
different vulnerability than CVE-2011-1005.
Notes
 tyhicks> affects 1.8.x, as well as 1.9.3-p0 and newer
Assigned-to
tyhicks
Package
Upstream:not-affected
More Information

Updated: 2019-03-26 12:04:05 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)