ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.
{ "github_reviewed_at": "2020-06-16T20:52:04Z", "nvd_published_at": null, "github_reviewed": true, "cwe_ids": [ "CWE-426" ], "severity": "HIGH" }