A possible security vulnerability has been found in WEBrick. The vulnerability has been
reported as CVE-2010-0541. (*1)
WEBrick has had a cross-site scripting vulnerability that allows an
attacker to inject arbitrary script or HTML via a crafted URI. This does
not affect user agents that strictly implement HTTP/1.1; however, some
user agents do not.
The affected versions are:
- Ruby 1.8.6-p399 or any prior releases.
- Ruby 1.8.7-p299 or any prior releases.
- Ruby 1.9.1-p429 or any prior releases.
- Ruby 1.9.2 RC2 or any prior releases.
- Development versions of Ruby 1.9 (1.9.3dev).
We recommend that you upgrade Ruby to the newest patch level.
Fixes for 1.8.6, 1.8.7 and 1.9.1 are going to be released soon.
For development versions, please update to the most recent revision
for each development branch.
You can also fix the vulnerability by applying a patch to
The patch is available at
ftp.ruby-lang.org:/home/ftp/pub/misc/webrick-cve-2010-0541.diff. It is
written by Hirokazu NISHIO.
The vulnerability was found by Apple and reported to the Ruby security
team by Hideki Y… (*2)
-- Yuki S. (Yugui) [email protected]