161f074cf1
When multipart boundary attributes contain non-halting regular expression strings, the boundary searcher in the CGI module does not properly escape the parameter and will execute arbitrary regular expressions. This fix adds escaping for the user data. * Affected application servers: standalone CGI, Mongrel, WEBrick * Unaffected: FastCGI, Ruby 1.8.6 (all servers) * Unknown: mod_ruby This fix will not modify versions of Ruby greater than 1.8.5, and is cumulative with previous CGI multipart vulnerability fixes. WWW: http://blog.evanweaver.com/#cgi_multipart_eof_fix
2 lines
171 B
Text
2 lines
171 B
Text
SHA256 (rubygem/cgi_multipart_eof_fix-2.5.0.gem) = f6638858f2748f2701ae96fc7a939000f0feba1870011483d7d10662140cd672
|
|
SIZE (rubygem/cgi_multipart_eof_fix-2.5.0.gem) = 11776
|