Description
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
Remediation
References