---
engine: ruby
cve: 2012-4466
url: https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
title: Ruby name_err_mesg_to_str Method Safe Level Security Bypass
date: 2012-10-12
description: |
  Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before
  revision r37068 allows context-dependent attackers to bypass safe-level
  restrictions and modify untainted strings via the name_err_mesg_to_str API
  function, which marks the string as tainted, a different vulnerability than
  CVE-2011-1005. 
cvss_v2: 5.0
patched_versions:
  - ~> 1.8.7.371
  - ">= 1.9.3.286"