Description
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
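The practical mitigation beyond upgrading is to never let untrusted input choose the String#unpack format. The following Ruby is an added example (not code from the advisory or from Ruby itself): formats are selected by name from a fixed allowlist, every directive in a format is checked against a table of fixed-width directives, and the input is length-checked before unpacking. The names DIRECTIVE_WIDTH, SAFE_FORMATS, UnsafeUnpackFormat, format_min_bytes and safe_unpack are hypothetical, and the sample input is constructed.

```ruby
# Added example: keep the unpack format out of attacker control.
# All names here are hypothetical; the formats and sample data are constructed.

# Byte width of the fixed-size directives this wrapper permits.
DIRECTIVE_WIDTH = {
  "C" => 1, "c" => 1,
  "n" => 2, "v" => 2, "S" => 2, "s" => 2,
  "N" => 4, "V" => 4, "L" => 4, "l" => 4,
  "Q" => 8, "q" => 8,
}.freeze

# Named formats the application is allowed to use; callers pick a name,
# never a format string.
SAFE_FORMATS = {
  "frame_header" => "NnC",  # 32-bit BE length, 16-bit BE type, 8-bit flags
  "two_u16le"    => "vv",   # two 16-bit little-endian values
}.freeze

class UnsafeUnpackFormat < ArgumentError; end

# Minimum number of bytes a format consumes. Any directive outside
# DIRECTIVE_WIDTH (counts, modifiers, positional directives) is rejected.
def format_min_bytes(fmt)
  fmt.each_char.sum do |d|
    DIRECTIVE_WIDTH.fetch(d) { raise UnsafeUnpackFormat, "directive #{d.inspect} not permitted" }
  end
end

# Unpack +data+ using only an allowlisted, fixed-width format, and only
# when the input is long enough for every directive in it.
def safe_unpack(data, format_name)
  fmt = SAFE_FORMATS.fetch(format_name) do
    raise UnsafeUnpackFormat, "unknown format #{format_name.inspect}"
  end
  need = format_min_bytes(fmt)
  raw = data.b  # treat as binary regardless of the source encoding
  if raw.bytesize < need
    raise UnsafeUnpackFormat, "need #{need} bytes, got #{raw.bytesize}"
  end
  raw.unpack(fmt)
end

if __FILE__ == $PROGRAM_NAME
  header = [1024, 7, 0x81].pack("NnC")   # constructed sample input
  p safe_unpack(header, "frame_header")  # => [1024, 7, 129]
end
```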
Remediation
References
Related Vulnerabilities
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-40601)
Java Unspecified Vulnerability (CVE-2018-3149)
WordPress Plugin Maintenance Mode Unspecified Vulnerability (1.3.3)
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.5)
WordPress Plugin Advanced Video Embed Local File Inclusion (1.0)