Ruby · Mruby · CVE-2018-10199
Name of the Vulnerable Software and Affected Versions:
mruby versions prior to 1.4.1
Description:
A use-after-free issue exists in the `File#initialize copy()` function, located in src/io.c. This could potentially allow an attacker to execute arbitrary code if they can cause Ruby code to be run.
Recommendations:
For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue.