There appears to be a Denial of Service vulnerability in Ruby's CGI.rb that affects every Ruby application using CGI for MIME (multipart) parsing. That includes all Rails applications running on Mongrel or plain CGI. The only configurations not affected are WEBrick and FastCGI. A malicious URL will cause CGI.rb to consume maximum CPU in an infinite loop.
So if you are using Mongrel, hotfix your installation by installing the latest pre-release, which depends on the monkey-patch to CGI.rb:
sudo gem install mongrel --source=http://mongrel.rubyforge.org/releases
If you are using CGI.rb by other means, install the hotfix gem and require it in your application:
gem install cgi_multipart_eof_fix --source=http://mongrel.rubyforge.org/releases
More details from Zed Shaw are available here.
