February 2011 Archives

Planned maintenance of redmine.ruby-lang.org

Ruby's issue tracker will be down from 2011-02-23 10:00+09:00 to 24:00 for planned maintenance.

FileUtils is vulnerable to symlink race attacks

A symlink race condition vulnerability was found in FileUtils.remove_entry_secure. The vulnerability allows local users to delete arbitrary files and directories.

Exception methods can bypass $SAFE

The Exception#to_s method can be used to trick the $SAFE check, which allows untrusted code to modify arbitrary strings.
