2 matches found
Ruby: Attacker can smuggle a malicious domain in a URI object.
Simple example: user_provided_redirect_uri = "http:////malware.com/real/path"; evil_uri = URI.parse(user_provided_redirect_uri); evil_uri.host = nil; evil_uri.to_s = "http://malware.com/real/path". In many common URI-validation scenarios, the target system will likely parse a user-provided URI, and then check th...
[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass
Debian Security Advisory DSA 862-1 [email protected] http://www.debian.org/security/ Martin Schulze October 11th, 2005 http://www.debian.org/security/faq -...