Ruby WEBrick Security Advisory - Official Ruby Site

2010

10 January 2010

Event: N/A

What: Ruby-lang

ruby-lang webrick security-advisory escape-sequence official

On January 10, 2010, the official Ruby language website, ruby-lang.org, published a security advisory formally crediting Francesco “ascii” Ongaro, along with Giovanni “evilaliv3” Pellerano and Alessandro “jekil” Tanasi, with discovering a critical vulnerability in the WEBrick HTTP server. The bug allowed an attacker to inject dangerous terminal escape sequences into WEBrick’s logs; when those logs were viewed in a terminal, the sequences could be used to execute commands on the victim’s machine. The announcement, signed by developer Urabe Shyouhei, led to the immediate release of patches for all actively maintained Ruby versions, highlighting the global impact of the discovery and the authority of Ongaro’s technical contribution.

Archived PDF document