October 2019 Archives
Ruby 2.7.0-preview2 Released
We are pleased to announce the release of Ruby 2.7.0-preview2.
Posted by naruse on 22 Oct 2019
2020 Fukuoka Ruby Award Competition - Entries to be judged by Matz
Dear Ruby Enthusiasts,
Posted by Fukuoka Ruby on 16 Oct 2019
CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication
Regular expression denial of service vulnerability of WEBrick’s Digest authentication module was found. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service.
Posted by mame on 1 Oct 2019
CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
A NUL injection vulnerability of Ruby built-in methods (File.fnmatch and File.fnmatch?) was found. An attacker who has the control of the path pattern parameter could exploit this vulnerability to make path matching pass despite the intention of the program author.
CVE-2019-15845 has been assigned to this vulnerability.
Posted by mame on 1 Oct 2019
CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2019-16254.
Posted by mame on 1 Oct 2019
CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
A code injection vulnerability of Shell#[] and Shell#test in a standard library (lib/shell.rb) was found. The vulnerability has been assigned the CVE identifier CVE-2019-16255.
Posted by mame on 1 Oct 2019