rubygem-cgi_multipart_eof_fix
2.5.0
Fix an exploitable bug in CGI multipart parsing

Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. When multipart boundary attributes contain non-halting regular expression strings, the boundary searcher in the CGI module does not properly escape the parameter and will execute arbitrary regular expressions. This fix adds escaping for the user data.

* Affected application servers: standalone CGI, Mongrel, WEBrick
* Unaffected: FastCGI, Ruby 1.8.6 (all servers)
* Unknown: mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is cumulative with previous CGI multipart vulnerability fixes.

Origin: www/rubygem-cgi_multipart_eof_fix
Category: www
Size: 36.8KiB
License: GPLv2, RUBY
Maintainer: ruby@FreeBSD.org
Dependencies: 2 packages
Required by: 0 packages
Website: blog.evanweaver.com/pages/code
$ pkg install rubygem-cgi_multipart_eof_fix