Yukihiro Matsumoto: >> Ruby >> 1.8.3 Security Vulnerabilities
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
CVSS Score
5.0
EPSS Score
0.037
Published
2006-12-06
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
CVSS Score
6.4
EPSS Score
0.038
Published
2006-07-21