Rubygem-cgi_multipart_eof_fix

Jul 20, 2023

Fix an exploitable bug in CGI multipart parsing

Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. When multipart boundary attributes contain non-halting regular expression strings, the boundary searcher in the CGI module does not properly escape the parameter and will execute arbitrary regular expressions. This fix adds escaping for the user data.

* Affected application servers standalone CGI, Mongrel, WEBrick
* Unaffected FastCGI, Ruby 1.8.6 all servers
* Unknown mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is cumulative with previous CGI multipart vulnerability fixes.



Checkout these related ports:
  • Zope213 - Object-based web application platform Version 2.13
  • Zola - Fast static site generator
  • Zgrab2 - Fast Go application scanner
  • Zerowait-httpd - Lightweight and fast http server
  • Zenphoto - Simpler web photo gallery
  • Zend-framework - Framework for developing PHP web applications
  • Yuicompressor - The Yahoo! JavaScript and CSS Compressor
  • Ytdl - YouTube downloader written in Go
  • Yt-dlp - Command-line program for downloading videos from various platforms
  • Youtube_dl - Program for downloading videos from various services
  • Yourls - Your Own URL Shortener
  • You-get - Dumb downloader that scrapes the web
  • Yaws - Web server for dynamic content written in Erlang
  • Yarr - Yet another rss reader
  • Yarn - Package manager for node, alternative to npm (meta port)