Description
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
Remediation
References