Hacker News new | past | comments | ask | show | jobs | submit login

My bet goes to #3. After [0]this commit, everything is possible in Ruby world.

[0]https://github.com/rails/rails/commit/b83965785db1eec019edf1...




That seems to demonstrate a github vulnerability, rather than anything ruby-specific?


It was a Rails vulnerability (mass assignment) that the attacker used to accomplish this. It’s long since been fixed and doesn’t demonstrate an inherent security flaw with the “ruby world.”

https://gist.github.com/peternixey/1978249




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: