rubygem-rails -- evaluation of Ruby code
The Ruby on Rails blog reports:
With Rails 1.1.0 through 1.1.5 (minus the short-lived 1.1.3),
you can trigger the evaluation of Ruby code through the URL
because of a bug in the routing code of Rails. This means that
you can essentially take down a Rails process by starting
something like /script/profiler, as the code will run for a
long time and that process will be hung while it happens.
Other URLs can even cause data loss.
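An added triage example, not code from the Rails blog or from this advisory: it checks a Rails version string against the affected range quoted above and lists logged requests whose first path segment is "script", as in the /script/profiler example. The helper names, the Common Log Format layout and the sample log lines are assumptions made for the illustration.

```ruby
require "rubygems"
require "uri"

# Affected range as stated in the advisory: 1.1.0 through 1.1.5, minus 1.1.3.
AFFECTED_MIN = Gem::Version.new("1.1.0")
AFFECTED_MAX = Gem::Version.new("1.1.5")
EXCLUDED     = [Gem::Version.new("1.1.3")].freeze

# Assumed log layout: Common Log Format (client, timestamp, request line, status).
CLF = /\A(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})/

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = [
  '192.0.2.10 - - [10/Aug/2006:12:00:01 +0000] "GET /articles/show/1 HTTP/1.1" 200 5120',
  '198.51.100.7 - - [10/Aug/2006:12:00:05 +0000] "GET /script/profiler HTTP/1.1" 500 0',
  '192.0.2.10 - - [10/Aug/2006:12:00:12 +0000] "GET /javascripts/script.js HTTP/1.1" 200 900'
].freeze

def affected_rails?(version_string)
  v = Gem::Version.new(version_string)
  v.between?(AFFECTED_MIN, AFFECTED_MAX) && !EXCLUDED.include?(v)
rescue ArgumentError
  false # not a parseable version string
end

# Path without the query string, percent-decoded so matching sees real segments.
def decoded_path(target)
  raw = target.split("?", 2).first.to_s
  URI.decode_www_form_component(raw)
rescue ArgumentError
  raw # invalid percent-encoding: fall back to the raw path
end

# Requests whose first path segment is "script" (hypothetical helper).
def script_requests(lines)
  lines.filter_map do |line|
    m = CLF.match(line)
    next unless m
    first = decoded_path(m[3]).split("/").reject(&:empty?).first
    next unless first&.casecmp?("script")
    { client: m[1], verb: m[2], target: m[3], status: m[4].to_i }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "Rails 1.1.4 affected? #{affected_rails?('1.1.4')}"
  script_requests(SAMPLE_LOG).each do |h|
    puts "review: #{h[:client]} #{h[:verb]} #{h[:target]} -> #{h[:status]}"
  end
end
```

A match in the log is only a prompt to review that request on a host running an affected version; it does not by itself show that code was evaluated.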
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright