CVE-2026-34829: Ruby Unescaped Prefix Regex Interpolation
Unescaped string interpolation in a regular expression used for prefix matching or stripping. If the interpolated string contains regular expression metacharacters, it may not match as intended or could lead to logic bypasses (e.g., directory disclosure). Use `Regexp.escape()` or `Regexp.quote()` to safely interpolate literal strings into regular expressions
greprules fetch cve-2026-34829-ruby-unescaped-prefix-regex-interpolation --engine opengrepDescription
Unescaped string interpolation in a regular expression used for prefix matching or stripping. If the interpolated string contains regular expression metacharacters, it may not match as intended or could lead to logic bypasses (e.g., directory disclosure). Use `Regexp.escape()` or `Regexp.quote()` to safely interpolate literal strings into regular expressions
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.