Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby ‘name_err_mesg_to_str API’函数安全绕过漏洞
Vulnerability Description
Ruby patchlevel 371之前的1.8.7版本,patchlevel 286之前的1.9.3版本,r37068之前的2.0版本中存在漏洞。上下文相关的攻击者可通过name_err_mesg_to_str()函数(该函数用于将String标志为受污染状态(tainted))利用该漏洞绕过安全限制并修改未污染的(untainted)字符串。
CVSS Information
N/A
Vulnerability Type
N/A