Ruby · Ruby · CVE-2011-1005
**Name of the Vulnerable Software and Affected Versions**
Ruby versions 1.8.6 through 1.8.6-420
Ruby versions 1.8.7 through 1.8.7-330
Ruby version 1.8.8dev
**Description**
The safe-level (`$SAFE`) feature in Ruby allows context-dependent attackers to modify strings via the `Exception#to_s` method. This could be used to change an intended pathname.
**Recommendations**
For Ruby versions 1.8.6 through 1.8.6-420, consider updating to a version outside of this range to mitigate the risk.
For Ruby versions 1.8.7 through 1.8.7-330, consider updating to a version outside of this range to mitigate the risk.
For Ruby version 1.8.8dev, consider avoiding the use of the `Exception#to_s` method until a patch is available.