Created security@ruby-lang.org .
If you have found vulnerabilities in Ruby, please report to this address.
security@ruby-lang.org is a private ML, and anyone can post to it without subscription.
Posted by Shugo Maeda on 02 Jul 2005
On Fri Jun 17 2005, a vulnerability of XMLRPC.iPIMethods was reported
in [ruby-core:05237]. Remote attackers can execute arbitrary commands by this vulnerability.
Affected Programs
Programs providing XML-RPC services by XMLRPC.iPIMethods are affected.
Fix
This vulnerability was already fixed in both the CVS HEAD and the ruby_1_8
branch.
Please apply this patch for ruby-1.8.2.
Posted by Shugo Maeda on 01 Jul 2005