RubySec

Providing security resources for the Ruby community

OSVDB-95668 (builder): Builder Gem for Ruby Tag Name Handling Private Method Exposure

Published: June 15, 2007

SECURITY IDENTIFIERS

GEM

builder

PATCHED VERSIONS

>= 2.1.2

DESCRIPTION

Builder Gem for Ruby contains a flaw in the handling of tag names. The issue is triggered when the program reads tag names from XML data and then calls a method with that name. With a specially crafted file, a context-dependent attacker can call private methods and manipulate data.
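The pattern described above, as an added Ruby illustration (not code from the builder gem): a hypothetical `TagHandler` dispatches on tag names taken from input, first with `send`, then with an allowlist plus `public_send`. The class, its methods and the tag names are assumptions made for this example.

```ruby
# Added illustration. TagHandler and its methods are hypothetical and are
# not taken from the builder gem's source.
class TagHandler
  ALLOWED_TAGS = %w[title author].freeze

  attr_reader :record

  def initialize
    @record = { "title" => nil, "author" => nil, "locked" => true }
  end

  def title(text)
    @record["title"] = text
  end

  def author(text)
    @record["author"] = text
  end

  # Unsafe pattern: Object#send ignores method visibility, so a tag name
  # read from a document can reach the private helper below.
  def dispatch_unsafe(tag_name, text)
    send(tag_name, text)
  end

  # Safer pattern: accept only tag names on an explicit allowlist, then
  # call with public_send, which refuses private and protected methods.
  # The allowlist matters because many inherited methods are public.
  def dispatch_safe(tag_name, text)
    unless ALLOWED_TAGS.include?(tag_name)
      raise ArgumentError, "unexpected tag: #{tag_name.inspect}"
    end
    public_send(tag_name, text)
  end

  private

  # Internal helper that document content should never be able to invoke.
  def unlock(_text)
    @record["locked"] = false
  end
end
```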
