Advisory Database
  • Advisories
  • Dependency Scanning
  1. gem
  2. ›
  3. webrick
  4. ›
  5. CVE-2009-4492

CVE-2009-4492: WEBrick Improper Input Validation vulnerability

October 24, 2017 (updated May 22, 2025)

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window’s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

References

  • github.com/advisories/GHSA-6mq2-37j5-w6r6
  • github.com/ruby/webrick
  • github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2009-4492.yml
  • nvd.nist.gov/vuln/detail/CVE-2009-4492
  • web.archive.org/web/20100113155532/http://www.vupen.com/english/advisories/2010/0089
  • web.archive.org/web/20100815010948/http://secunia.com/advisories/37949
  • web.archive.org/web/20170402100552/http://securitytracker.com/id?1023429
  • web.archive.org/web/20170908140655/http://www.securityfocus.com/archive/1/508830/100/0/threaded
  • web.archive.org/web/20200228145937/http://www.securityfocus.com/bid/37710

Code Behaviors & Features

Detect and mitigate CVE-2009-4492 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 1.4.0

Fixed versions

  • 1.4.0

Solution

Upgrade to version 1.4.0 or above.

Impact 7.5 HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Learn more about CVSS

Weakness

  • CWE-20: Improper Input Validation

Source file

gem/webrick/CVE-2009-4492.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 27 Aug 2025 12:19:08 +0000.