CVE-2016-2337 in Ruby
Riassunto
di MITRE
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.