Description

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

Remediation

References

CVE-2012-4466

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0276)

WordPress 4.0.x Possible SQL Injection Vulnerability (4.0 - 4.0.19)

WordPress Plugin youForms for WordPress-Creating Forms for CopeCart Cross-Site Scripting (1.0.5)

Apache Tomcat Other Vulnerability (CVE-2002-1567)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5739)

Severity

Medium

Classification

CVE-2012-4466 CWE-264

Tags

Missing Update Known Vulnerabilities