This article is the Day 20 entry of Ruby Advent Calendar 2022. The previous day's article was "Techniques for keeping RuboCop's version up to date" by @ydah.

On November 22, 2022, CVE-2021-33621, an HTTP header injection vulnerability in the Ruby cgi gem, was announced.

- CVE-2021-33621: HTTP response splitting in CGI
- HTTP response splitting vulnerability in Ruby's CGI library leaks confidential information - HackerOne
- Specification and implementation of the CGI::Cookie class that are undesirable from a security standpoint - HackerOne

I reported this vulnerability through HackerOne. In this article, I report on an overview of the vulnerability, how it was discovered, and related matters.

- Overview
- How the vulnerability was discovered
- Affected applications
- Impact
- Countermeasures