--- layout: page title: January 2010 Archives ---

WEBrick has an Escape Sequence Injection vulnerability

A vulnerability was found on WEBrick, a part of Ruby's standard library. WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator.

We already have a fix for it. Releases for every active branches are to follow this announce. But for a meantime, we recommend you to avoid looking at your WEBrick logs, until you update your WEBrick process.

Continue Reading…

Posted by Urabe Shyouhei on 10 Jan 2010

<< Back to 2010 Archives