Seven critical vulnerabilities in Ruby
Seven critical vulnerabilities have been found in Ruby, the open source, object-oriented scripting language. According to the Ruby community web site, they can be exploited to deny service or to inject and execute malicious code. Although CVE candidate numbers have been reserved, no further details are currently available.
Vulnerable versions include 1.8.4 and all prior versions, 1.8.5-p230 and all prior versions, 1.8.6-p229 and all prior versions, 1.8.7-p21 and all prior versions, and 1.9.0-1 and all prior versions. Upgrades are available for download, and, according to the notice, fixes may also be available via open source package management.
The upgrades also fix a known directory traversal vulnerability in WEBrick.
- Arbitrary code execution vulnerabilities: Ruby vulnerability notice and upgrade download links