Description
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods do not check their path argument for null characters. As a result, the call may connect to an unintended socket.
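The following added example (not code from this advisory or from the Ruby project) encodes the affected version ranges listed above and shows an application-side guard that rejects null characters in a socket path before it reaches UNIXSocket.open or UNIXServer.open. The function names, the `/run/app` directory and the sample input are assumptions made for illustration.

```ruby
require "rubygems" # Gem::Version

# First fixed release per branch, as listed in the description above.
FIXED_RELEASES = { "2.2" => "2.2.10", "2.3" => "2.3.7",
                   "2.4" => "2.4.4", "2.5" => "2.5.1" }.freeze

# True if a release string (e.g. "2.4.3") falls in the affected ranges.
# Note: RUBY_VERSION carries no preview tag, so pass the full release name.
def affected_ruby?(release)
  return true if release == "2.6.0-preview1"
  v = Gem::Version.new(release)
  return true if v < Gem::Version.new("2.2.0") # "before 2.2.10" includes older branches
  fixed = FIXED_RELEASES[v.segments.first(2).join(".")]
  fixed ? v < Gem::Version.new(fixed) : false
end

# Illustration: what a C API that treats the path as a NUL-terminated
# string would use, i.e. everything before the first null character.
def path_seen_by_c(path)
  cut = path.index("\0")
  cut ? path[0, cut] : path
end

# Hypothetical application-side guard: reject null characters, then confine
# the path to one directory. Returns the normalized path or raises ArgumentError.
def checked_unix_socket_path(path, allowed_dir)
  raise ArgumentError, "NUL byte in socket path" if path.include?("\0")
  full = File.expand_path(path)
  root = File.join(File.expand_path(allowed_dir), "")
  raise ArgumentError, "socket path outside #{allowed_dir}" unless full.start_with?(root)
  full
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: a name taken from a request, with a fixed suffix appended.
  name = "admin\0"
  path = "/run/app/#{name}.sock"
  puts "Ruby string : #{path.inspect}"
  puts "C-level path: #{path_seen_by_c(path).inspect}"
  puts "interpreter in affected range? #{affected_ruby?(RUBY_VERSION)}"
  begin
    checked_unix_socket_path(path, "/run/app")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The guard is useful on any interpreter version as defense in depth; upgrading to a release outside the affected ranges remains the actual fix.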