Nitro security vulnerability


I’m not sure what the protocol is for reporting vulnerabilities,
so I won’t say anything explicit in this email.

A security company tested our site and found a type of malformed
URL that when handled by Nitro allows reading arbitrary files
on the host system.

I don’t have a patch yet, but I’ll begin debugging the issue
tomorrow morning.

When I do have a patch, what’s the proper way for me to report
the issue?



Please send me more details privately.

thank you,
