[Mongrel] [SECURITY] DOS In cgi.rb Announced, Upgrade Your Ruby

JDL jamesludlow at gmail.com
Tue Dec 5 11:43:42 EST 2006


On 12/4/06, Zed A. Shaw <zedshaw at zedshaw.com> wrote:
> It's time again for your monthly cgi.rb DOS vulnerability.  This latest vulnerability is different from the one that cgi_multipart_eof_fix.gem fixed.  This one is related to the boundary taken from the web client being used incorrectly.
>
> You can read about the vulnerability:
[snip]

Thank you very much for this announcement.  I took the route of
upgrading Ruby.  So far so good.  If I run into anything crazy, I'll
be sure to report it.

-- James

