2 matches found
Ruby: Resolv::getaddresses bug that can be abused to bypass security measures.
Description
Resolv::getaddresses is OS-dependent, therefore by playing around with different IP formats one can return blank values. This bug can be abused to bypass exclusion lists often used to protect against SSRF.

| Machine 1 | Machine 2 |
|-----------|-----------|
| ruby 2.3.3p222...
shopify-scripts: SIGSEGV on mrb_ary_splice
Sample
The following code causes a SIGSEGV when executed under the sandbox:

    t0me=methods
    t0me[0,0]=t0me

Crash
Here we can see the crash (full crash output attached):

    $ bin/sandbox /tmp/mrbarysplice-crash.rb
    bin/sandbox:21: [BUG] Segmentation fault at 0x00005200000004
    ruby 2.3.1p112 2016-04-26...