From: "mcandre (Andrew Pennebaker) via ruby-core" <ruby-core@...>
Date: 2025-11-06T14:25:50+00:00
Subject: [ruby-core:123704] [Ruby Bug#21667] CVE-2024-12224

Issue #21667 has been updated by mcandre (Andrew Pennebaker).


Wiz reports a servo/rust-url package. Curious if Ruby is using this package strictly at the point in time when the Ruby language is being compiled, possibly even an integration test suite. Or perhaps servo ends up as a portion of the Ruby standard library.

----------------------------------------
Bug #21667: CVE-2024-12224
https://bugs.ruby-lang.org/issues/21667#change-115091

* Author: mcandre (Andrew Pennebaker)
* Status: Feedback
* Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN
----------------------------------------
ruby-build triggers Wiz finding CVE-2024-12224 for the leftover build files, when compiling Ruby from source.



-- 
https://bugs.ruby-lang.org/
______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/