2 matches found
Ruby: sprintf combined format string attack
In a ticket that was also reported to "shopify-scripts" regarding "MRuby", I reported in detail a combined attack against the sprintf gem: Information leak; Heap buffer underflow. The full ticket details can be found in: Ticket 212239. The ticket was opened several minutes ago but I add it in case ...
shopify-scripts: Null target_class DoS
The Object#instance_exec method in mrbgems/mruby-object-ext/src/object.c executes a block in the context of an object. It sets the VM's target_class pointer to the singleton class of this object. target_class is used as the definition target for constants and methods. If a singleton class cannot be...