CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2009-4124 — HIGH severity vulnerability | Release Alert
CVE-2009-4124
10
HIGHCVSS v2
Published
December 11, 2009
Affected
2 projects
Assigned by
MITRE
Severity scale
010
Description
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
ChocolateyRuby is a dynamic, open source programming language focusing on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write.
This package provides a self-contained [Windows-based installer](https://rubyinstaller.org) that includes the Ruby language, an execution environment, important documentation, and more.
## Package Parameters
- `/InstallDir` - Ruby installation directory, by default `c:\tools\RubyXY` where XY are major and minor version parts.
- `/NoPath` - Do not add ruby bin folder to machine PATH.
Example: `choco install ruby --package-parameters="'/NoPath ""/InstallDir:C:\your\install\path""'"`
## Notes
- To install ruby development kit ruby installer provides `ridk` command. It provides an easy way to install msys2 via `ridk install 1`, however, the installation is interactive. To accomplish unattended install, use [msys2](https://chocolatey.org/packages/msys2) package.