N/A

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

N/A

N/A

Ruby ‘exc_to_s’和‘name_err_to_s API’函数安全绕过漏洞

Ruby是一个非营利组织的一种为简单快捷的面向对象编程（面向对象程序设计）而创的脚本语言。 Ruby patchlevel 286之前的1.9.3版本，revision r37068之前的2.0版本中存在漏洞。上下文相关的攻击者可通过标记字符串作为tainted的(1)exc_to_s或(2)name_err_to_s API函数利用该漏洞绕过安全层限制，修改untainted字符串。

N/A

N/A