Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage of its heap by the malicious specification of the format of sprintf method. If a script allows to accept any format from the outside, there is a risk to be spied the contents of the heap.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0898