CVE-2012-4466

Priority
Description
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0
before revision r37068 allows context-dependent attackers to bypass
safe-level restrictions and modify untainted strings via the
name_err_mesg_to_str API function, which marks the string as tainted, a
different vulnerability than CVE-2011-1005.
Notes
 tyhicks> affects 1.8.x, as well as 1.9.3-p0 and newer
Assigned-to
tyhicks
Package
Upstream:not-affected
More Information

Updated: 2019-01-14 22:05:16 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)