WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby Improper Input Validation Vulnerability (CVE-2009-5147)

Description

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

Remediation

References

Related Vulnerabilities

WordPress Plugin Advanced Woo Search Unspecified Vulnerability (1.69)

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Cross-Site Scripting (3.2.12)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)

Apache Tomcat Other Vulnerability (CVE-2015-5346)

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12814)

Severity

High

Classification

CVE-2009-5147 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities