Description
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
Remediation
References