Ruby -- unsafe tainted string vulnerability
Ruby developer reports:
There is an unsafe tainted string vulnerability in Fiddle and DL.
This issue was originally reported and fixed with CVE-2009-5147 in
DL, but reappeared after DL was reimplemented using Fiddle and
And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not
fixed at other branches, then rubies which bundled DL except Ruby
1.9.1 are still vulnerable.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright