[Nitro] Nitro security vulnerability
george.moschovitis at gmail.com
Wed Jan 7 06:57:05 EST 2009
Please send me more details privately.
On Wed, Jan 7, 2009 at 1:41 PM, Bill Kelly <billk at cts.com> wrote:
> I'm not sure what the protocol is for reporting vulnerabilities,
> so I won't say anything explict in this email.
> A security company tested our site and found a type of malformed
> URL that when handled by Nitro allows reading arbitrary files
> on the host system.
> I don't have a patch yet, but I'll begin debugging the issue
> tomorrow morning.
> When I do have a patch, what's the proper way for me to report
> the issue?
> Nitro-general mailing list
> Nitro-general at rubyforge.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nitro-general