Open tomekr opened 8 years ago
Hey team,
Just wanted to let you know that if your users deploy this server publicly as-is, attackers can execute arbitrary code on their servers.
Here's an example: http://exfiltrated.com/research-Instagram-RCE.php#Ruby_RCE
For more information on why this is the case, see section 2.1 here: http://www.phrack.org/papers/attacking_ruby_on_rails.html
+1