RubySec

Providing security resources for the Ruby community

CVE-2018-1000201 (ffi): ruby-ffi DLL loading issue on Windows OS

GEM

ffi

SEVERITY

CVSS v3.x: 7.8 (High)

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

  • >= 1.9.24

DESCRIPTION

ruby-ffi version 1.9.23 and earlier has a DLL loading issue on Windows OS that can be hijacked when a Symbol is used as the DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later.
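
To check whether a project resolves an affected release, the following added example (not RubySec's or the ffi project's code) scans a `Gemfile.lock` for resolved `ffi` specs and compares each against the patched version listed above. The function name `ffi_findings` and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# First patched release, taken from the advisory above.
FFI_PATCHED = Gem::Version.new("1.9.24")

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ffi (1.9.23)
      ffi (1.9.23-x64-mingw32)
      rb-inotify (0.9.10)
        ffi (>= 0.5.0, < 2)

  PLATFORMS
    ruby
    x64-mingw32
LOCK

# Returns one hash per resolved ffi spec in a Gemfile.lock.
# Resolved specs are indented exactly four spaces; six-space lines are
# dependency constraints of other gems and are ignored.
def ffi_findings(lock_text)
  lock_text.each_line.map do |line|
    m = line.match(/\A {4}ffi \(([^)]+)\)\s*\z/)
    next unless m
    # Precompiled gems carry a platform suffix, e.g. "1.9.23-x64-mingw32".
    version, platform = m[1].split("-", 2)
    next unless Gem::Version.correct?(version)
    { version: version,
      platform: platform || "ruby",
      windows_build: platform.to_s.match?(/mingw|mswin/),
      vulnerable: Gem::Version.new(version) < FFI_PATCHED }
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  ffi_findings(text).each do |f|
    status = f[:vulnerable] ? "VULNERABLE (< #{FFI_PATCHED})" : "patched"
    puts "ffi #{f[:version]} [#{f[:platform]}]: #{status}"
  end
end
```

The `windows_build` flag only marks precompiled Windows gems; a source (`ruby` platform) gem built on Windows is just as subject to the version check.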
