Added the Pull Request URL to the README.

1 parent e6beadb commit 23d70cba84488cc25c2a594eba16ca98954abbf3 @postmodern postmodern committed Aug 26, 2011
Showing with 4 additions and 0 deletions.
  1. +4 −0 README.rdoc
@@ -3,6 +3,8 @@
<b>All versions of RubyGems are vulnerable to Persistent Code Injection via
the gemspecs, which RubyGems generates when installing a Gem.</b>
== Explanation
When building a +.gem+ file, RubyGems will load your pure-Ruby gemspec
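Review bot: The bold summary at the top of this hunk says "All versions of RubyGems are vulnerable", which becomes inaccurate the moment a fixed release exists. Now that the README points at a pull request, consider rewording it to name the last affected version once that is known, or to say that versions without the linked fix are affected, so the statement does not go stale.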
@@ -68,6 +70,8 @@ gemspecs.
== Solution
The fix for this bug is rather simple, the +ruby_code+ method should
call <tt>String#dump</tt> or <tt>String#inspect</tt> instead of naively
wrapping the Strings in <tt>%q{ }</tt>.
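Review bot: The Solution paragraph offers String#dump or String#inspect as alternatives to the %q{ } wrapping in ruby_code, but does not say which one the linked pull request actually uses. State the chosen call next to the link so readers can check the patch against the text. Since the summary describes the injection as persistent and tied to gemspecs generated at install time, it would also help to say whether gemspecs already written by an unfixed RubyGems need to be regenerated after upgrading.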
