Ruby WEBrick CVE-2009-4492 - Snyk Security Advisory

On July 1, 2021, the Snyk.io platform published a technical sheet regarding the CVE-2009-4492 vulnerability in the Ruby WEBrick module, assigning it a CVSS score of 9.8 and classifying it as critical. In the credits section, Snyk’s security team officially attributes the discovery to Giovanni “evilaliv3” Pellerano, Alessandro “jekil” Tanasi, and Francesco “ascii” Ongaro, recognizing their pioneering contribution in analyzing the exploit based on malformed ANSI sequences. The advisory explains that the bug allowed a remote attacker to write control characters to server logs, with the risk of command execution on administrative terminals.