OSVDB-95668: Private Method Exposure

June 15, 2007

This package contains a flaw in the handling of tag names. The issue is triggered when the program reads tag names from XML data and then calls a method with that name. With a specially crafted file, a context-dependent attacker can call private methods and manipulate data.

References

github.com/jimweirich/builder/commit/f0724dcd6375f03a8f881b5c9ec6178cc70f12ea
github.com/rubysec/ruby-advisory-db/blob/master/gems/builder/OSVDB-95668.yml

Detect and mitigate OSVDB-95668 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →