There is a heap overflow vulnerability in String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.
- All releases of Ruby 1.9.1.
This vulnerability does not affect Ruby 1.8 series.
Please upgrade to Ruby 1.9.1-p376.
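One way to check an inventory of `ruby -v` banners against the versions named above, as an added example that is not part of the original advisory. The host names and banner strings are constructed samples, the function names are hypothetical, and treating patchlevels above 376 as fixed is an assumption.

```ruby
# Added example (not from the advisory): classify `ruby -v` banners.
FIXED_PATCHLEVEL = 376 # advisory: upgrade to Ruby 1.9.1-p376

# 1.9.x banners look like "ruby 1.9.1p243 (...)"; 1.8 banners carry no "pNNN" suffix.
BANNER_RE = /\Aruby (\d+)\.(\d+)\.(\d+)(?:p(\d+))?/

def classify_banner(banner)
  m = BANNER_RE.match(banner.to_s.strip)
  return :unparsed unless m

  major, minor, teeny = m[1].to_i, m[2].to_i, m[3].to_i
  return :not_affected if [major, minor] == [1, 8] # advisory: 1.8 series unaffected
  return :not_covered unless [major, minor, teeny] == [1, 9, 1]

  # A 1.9.1 build with no readable patchlevel is treated as affected (fail closed).
  patch = m[4] && m[4].to_i
  # Assumption: patchlevels above 376 also carry the fix.
  patch && patch >= FIXED_PATCHLEVEL ? :fixed : :affected
end

# Group hosts by status; inventory maps host name => banner string.
def audit(inventory)
  report = Hash.new { |h, k| h[k] = [] }
  inventory.each { |host, banner| report[classify_banner(banner)] << host }
  report.each_value(&:sort!)
  report
end

# Constructed sample inventory (host names and banner details are made up).
SAMPLE_INVENTORY = {
  "web02"  => "ruby 1.9.1p243 (constructed sample) [x86_64-linux]",
  "web01"  => "ruby 1.9.1p0 (constructed sample) [i686-linux]",
  "api01"  => "ruby 1.9.1p376 (constructed sample) [x86_64-linux]",
  "cron01" => "ruby 1.8.7 (constructed sample patchlevel 174) [i486-linux]",
  "dev01"  => "ruby 1.9.2p0 (constructed sample) [x86_64-linux]",
  "odd01"  => "jruby 1.4.0 (constructed sample)"
}

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_INVENTORY).each { |status, hosts| puts "#{status}: #{hosts.join(', ')}" }
end
```

Hosts reported as `affected` need the upgrade; `not_covered` and `unparsed` entries fall outside what this advisory states and need separate review.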
Credit to Emmanouel Kellinis, KPMG London, for disclosing the problem to the Ruby Security team.
- 2009-12-07 14:52 +0900 added link to CVE (not yet opened at the time of writing this page)
Posted by Yugui on 7 Dec 2009