|
|
|
|
|
|
by boesboes
1435 days ago
|
|
|
Newer versions of tzinfo use non-ruby files for their data and are not effected afaict. My guess is that it might be exploitable when parsing a user provided datetime with zone without any sanitization of the input. And only when using that get method. I might try to see if Rails is vunerable to this, but probably not from a cursory glance |
|
|