Just saw this…
Anyone know if a patch is coming soon?
06.28.29 CVE: Not Available
Platform: Cross Platform
Title: Ruby Multiple SAFE Level Restriction Bypass Vulnerabilities
Description: Ruby is an object-oriented scripting language with
support for SAFE level checking. It is vulnerable to multiple SAFE
Level Restriction Bypass vulnerabilities in the “alias” functionality.
Ruby versions 1.8.4 and earlier are vulnerable.
It appears that Matz has a snapshot ready that fixes it, and also one
could just wait for Ruby 1.8.5 as there are no known exploits.
The latest stable CVS snapshot is available here:
ftp://ftp.ruby-lang.org/pub/ruby/stable-snapshot.tar.gz
I found this
I’m not sure if Rails or Typo in specific would be vulnerable to this
since I don’t know what SAFE Level Restriction is. I wouldn’t sweat
too much over it at this time.