1 Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
2 When multipart boundary attributes contain non-halting regular
3 expression strings, the boundary searcher in the CGI module does not properly
4 escape the parameter and will execute arbitrary regular expressions.
5 This fix adds escaping for the user data.
7 * Affected application servers: standalone CGI, Mongrel, WEBrick
8 * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
11 This fix will not modify versions of Ruby greater than 1.8.5, and is
12 cumulative with previous CGI multipart vulnerability fixes.
14 WWW: http://blog.evanweaver.com/pages/code#cgi_multipart_eof_fix