Here you will find information about security issues in Ruby.
Reporting Security Vulnerabilities
Security vulnerabilities should be reported by email to security@ruby-lang.org, which is a private mailing list (a PGP public key is available for encrypting reports). Reported problems will be published after they have been fixed.
Known issues
Here are recent issues, newest first.
- Exception methods can bypass $SAFE published at 18 Feb, 2011.
- FileUtils is vulnerable to symlink race attacks published at 18 Feb, 2011.
- XSS in WEBrick (CVE-2010-0541) published at 16 Aug, 2010.
- Buffer over-run in ARGF.inplace_mode= published at 2 Jul, 2010.
- WEBrick has an Escape Sequence Injection vulnerability published at 10 Jan, 2010.
- Heap overflow in String published at 7 Dec, 2009.
- DoS vulnerability in REXML published at 23 Aug, 2008.
- Multiple vulnerabilities in Ruby published at 8 Aug, 2008.
- Arbitrary code execution vulnerabilities published at 20 Jun, 2008.
- File access vulnerability of WEBrick published at 3 Mar, 2008.
- Net::HTTPS Vulnerability published at 4 Oct, 2007.
- Another DoS Vulnerability in CGI Library published at 4 Dec, 2006.
- DoS Vulnerability in CGI Library published at 3 Nov, 2006.
- Ruby vulnerability in the safe level settings published at 2 Oct, 2005.
