DLL Hijacking Vulnerability in ruby-ffi v1.9.23 and earlier

DLL Hijacking Vulnerability in ruby-ffi v1.9.23 and earlier

CVE-2018-1000201 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.

Learn more about our Web Application Penetration Testing UK.