Shugo Maedo

Rank: #26989 of 53,633
Total CVSS: 9.3
Vulnerabilities: 2 (Medium: 2)
PT-2013-1677
5.0
2013-04-25
Ruby · Ruby · CVE-2012-4466
**Name of the Vulnerable Software and Affected Versions**
Ruby versions 1.8.7 before patchlevel 371
Ruby versions 1.9.3 before patchlevel 286
Ruby versions 2.0 before revision r37068

**Description**
The issue allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the `name_err_mesg_to_str` API function, which marks the string as tainted.

**Recommendations**
For Ruby version 1.8.7, update to patchlevel 371 or later.
For Ruby version 1.9.3, update to patchlevel 286 or later.
For Ruby version 2.0, update to revision r37068 or later.
PT-2013-1678
4.3
2013-01-08
Ruby · Ruby · CVE-2012-4481
**Name of the Vulnerable Software and Affected Versions**
Ruby version 1.8.7

**Description**
The safe-level feature in Ruby allows context-dependent attackers to modify strings via the `NameError#to_s` method when operating on Ruby objects.

**Recommendations**
For Ruby version 1.8.7, at the moment there is no information about a newer version that contains a fix for this vulnerability.