2 matches found
PT-2017-2446 · Ruby +1
Name of the Vulnerable Software and Affected Versions: Ruby (affected versions not specified)
Description: The issue is a type confusion in the _cancel_eval method of Ruby's TclTkIp class. It occurs when an attacker passes an object of a type other than String as the retval argument,...
Ruby '_cancel_eval' Class Arbitrary Code Execution Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. An arbitrary command execution vulnerability exists in the '_cancel_eval' class in Ruby versions 2.2.2 Tcl/Tk8.6, 2.3.0 dev. The vulnerability can be...