In association with heise online

20 June 2008, 15:37

Seven critical vulnerabilities in Ruby

Seven critical vulnerabilities have been found in Ruby, the open source, object-oriented scripting language. According to the Ruby community web site, they can be exploited to cause a denial of service or to inject and execute malicious code. Although CVE candidate numbers have been reserved, no further details are currently available.

Vulnerable versions include 1.8.4 and all prior versions, 1.8.5-p230 and all prior versions, 1.8.6-p229 and all prior versions, 1.8.7-p21 and all prior versions, and 1.9.0-1 and all prior versions. Upgrades are available for download, and, according to the notice, fixes may also be available via open source package management.
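The version ranges above can be checked mechanically when auditing installed interpreters. The following is an added example, not code from the Ruby project or the notice; the function names and result symbols are assumptions made for illustration, and the sample version strings are constructed.

```ruby
# Added example: classify a Ruby version string against the ranges in this notice.
# Last vulnerable release per branch, exactly as listed in the article.
LAST_VULNERABLE = {
  [1, 8, 5] => 230,
  [1, 8, 6] => 229,
  [1, 8, 7] => 21,
  [1, 9, 0] => 1 # "1.9.0-1" carries a release number rather than a "p" patchlevel
}.freeze
OLDEST_CUTOFF = [1, 8, 4].freeze # 1.8.4 and every earlier version

# Accepts forms such as "1.8.6-p229", "1.8.6p229", "1.8.6 patchlevel 229",
# "1.9.0-1" and "1.8.4". Returns [[major, minor, teeny], suffix_or_nil].
def parse_ruby_version(str)
  m = str.strip.match(/\A(\d+)\.(\d+)\.(\d+)(?:\s*-?\s*(?:p|patchlevel\s+)?(\d+))?\z/)
  raise ArgumentError, "unrecognised version: #{str.inspect}" unless m
  [[m[1].to_i, m[2].to_i, m[3].to_i], m[4] && m[4].to_i]
end

# Result symbols (hypothetical names):
#   :vulnerable          inside a range listed in the notice
#   :above_listed_range  listed branch, but newer than the last listed release
#   :patchlevel_missing  listed branch, no patchlevel given, cannot decide
#   :not_listed          branch is not mentioned in the notice
def classify(str)
  version, patch = parse_ruby_version(str)
  return :vulnerable if (version <=> OLDEST_CUTOFF) <= 0
  limit = LAST_VULNERABLE[version]
  return :not_listed if limit.nil?
  return :patchlevel_missing if patch.nil?
  patch <= limit ? :vulnerable : :above_listed_range
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inventory, e.g. gathered from `ruby -v` output on each host.
  ["1.8.4", "1.8.5-p231", "1.8.6 patchlevel 229", "1.8.7p22", "1.9.0-1"].each do |v|
    puts format("%-22s %s", v, classify(v))
  end
end
```

A `:patchlevel_missing` or `:not_listed` result means the notice alone cannot settle the question, so the host should be checked against the vendor's package changelog.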

The upgrades also fix a known directory traversal vulnerability in WEBrick.
