[Mongrel] [SECURITY] DOS In cgi.rb Announced, Upgrade Your Ruby
JDL
jamesludlow at gmail.com
Tue Dec 5 11:43:42 EST 2006
On 12/4/06, Zed A. Shaw <zedshaw at zedshaw.com> wrote:
> It's time again for your monthly cgi.rb DOS vulnerability. This latest vulnerability is different from the one that cgi_multipart_eof_fix.gem fixed. This one is related to the boundary taken from the web client being used incorrectly.
>
> You can read about the vulnerability:
[snip]
Thank you very much for this announcement. I took the route of
upgrading Ruby. So far so good. If I run into anything crazy, I'll
be sure to report it.
-- James