ruphus13 writes "Ruby continues to be in the spotlight, but this time for the wrong reasons. "A member of Apple's security team has discovered multiple serious security vulnerabilities in Ruby, the popular open-source scripting language. According to an advisory on the Ruby project site, Apple's Drew Yao reported at least six of the vulnerabilities, which can be exploited to cause a denial-of-service condition or the execution of arbitrary code." The article goes on to state, "These vulnerabilities are likely to crop up in just about any average ruby web application. And by "crop up" I mean "crop up exploitable from trivial user-specified parameters". It's not hard to begin imagining cases where Ruby/Rails programmers use code similar to the samples above to routinely handle user input."" Link to Original Source
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
Apple finds multiple security holes in Ruby 0 Comments More Login /
Get More Comments