Vulnerability discovered in Ruby

According to the Ruby community web site, a denial-of-service vulnerability has been discovered in the BigDecimal standard library. A hacker can exploit this hole to launch a DoS attack by causing BigDecimal to parse an insanely large number, such as:

BigDecimal("9E69999999").to_s("F")

Ruby 1.8.6-p368 and all prior versions, as well as 1.8.7-p160 and all prior versions, are affected by this vulnerability. The solution is to upgrade, following the instructions on the Ruby website.
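
The affected ranges above, written as a check that can be run over an inventory of interpreter versions. This is an added example, not code from the Ruby advisory; the helper names, the sample inventory and the reading of "all prior versions" as everything at or below the named patchlevel are assumptions.

```ruby
# Added example: classify Ruby versions against the affected ranges stated above.
# Assumption: "all prior versions" means any release at or below the named
# patchlevel on that branch, plus every branch older than 1.8.6.

# Highest affected patchlevel per branch, taken from the text above.
AFFECTED_MAX_PATCHLEVEL = { [1, 8, 6] => 368, [1, 8, 7] => 160 }

# Parse "1.8.7-p160" or "1.8.7" into [[1, 8, 7], 160]; a missing patchlevel
# is treated as 0. Returns nil for strings that are not MRI-style versions.
def parse_ruby_version(str)
  m = /\A(\d+)\.(\d+)\.(\d+)(?:-?p(\d+))?\z/.match(str.to_s.strip)
  return nil unless m
  [[m[1].to_i, m[2].to_i, m[3].to_i], m[4] ? m[4].to_i : 0]
end

# Returns :affected, :not_listed (outside the ranges on this page) or :unparsed.
def bigdecimal_dos_status(str)
  branch, patch = parse_ruby_version(str)
  return :unparsed unless branch
  max = AFFECTED_MAX_PATCHLEVEL[branch]
  return (patch <= max ? :affected : :not_listed) if max
  (branch <=> [1, 8, 6]) < 0 ? :affected : :not_listed
end

# Constructed sample inventory; host names and versions are made up.
SAMPLE_INVENTORY = {
  "app01" => "1.8.6-p368",
  "app02" => "1.8.7-p160",
  "app03" => "1.8.7-p174",
  "app04" => "1.8.5-p231",
  "app05" => "ruby-enterprise"
}

# Hosts whose interpreter falls inside the affected ranges, sorted by name.
def affected_hosts(inventory)
  inventory.keys.select { |h| bigdecimal_dos_status(inventory[h]) == :affected }.sort
end

if __FILE__ == $0
  SAMPLE_INVENTORY.sort.each { |host, v| puts "#{host} #{v} #{bigdecimal_dos_status(v)}" }
  running = "#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}"
  puts "this interpreter (#{running}): #{bigdecimal_dos_status(running)}"
end
```

A result of :not_listed only means the version is outside the two ranges given here; it says nothing about other branches.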
