Description
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
Remediation
References
Related Vulnerabilities
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)
WordPress Plugin Zero Spam SQL Injection (2.1.2)
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-5433)
Apache HTTP Server Other Vulnerability (CVE-2004-0492)
WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)