There is an overflow in URI escape parsing in Ruby. This vulnerability has been assigned the CVE identifier CVE-2014-2525.
Details
Any time a string in YAML with tags is parsed, a specially crafted string can cause a heap overflow which can lead to arbitrary code execution.
read more....https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
Details
Any time a string in YAML with tags is parsed, a specially crafted string can cause a heap overflow which can lead to arbitrary code execution.
read more....https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/