Just saw this…
Anyone know if a patch is coming soon?
06.28.29 CVE: Not Available
Platform: Cross Platform
Title: Ruby Multiple SAFE Level Restriction Bypass Vulnerabilities
Description: Ruby is an object-oriented scripting language with
support for SAFE level checking. It is vulnerable to multiple SAFE
Level Restriction Bypass vulnerabilities in the “alias” functionality.
Ruby versions 1.8.4 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/18944
It appears that Matz has a snapshot ready that fixes it, and also one
could just wait for Ruby 1.8.5 as there are no known exploits.
The latest stable CVS snapshot is available here:
ftp://ftp.ruby-lang.org/pub/ruby/stable-snapshot.tar.gz I found this
on http://www.ruby-lang.org/en/20020102.html
I’m not sure if Rails or Typo in specific would be vulnerable to this
since I don’t know what SAFE Level Restriction is. I wouldn’t sweat
too much over it at this time.
Grant
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs