Yusuke Endoh

**Name of the Vulnerable Software and Affected Versions** Ruby versions prior to 2.2.8 Ruby versions 2.3.x prior to 2.3.5 Ruby versions 2.4.x through 2.4.1 **Description** The issue is related to the Basic authentication code in the WEBrick library in Ruby, which allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. This is due to improper handling of log output. An attacker could exploit this issue by using a specially prepared username, potentially allowing them to execute arbitrary commands in the user's terminal emulator. **Recommendations** For Ruby versions prior to 2.2.8, update to version 2.2.8 or later. For Ruby versions 2.3.x prior to 2.3.5, update to version 2.3.5 or later. For Ruby versions 2.4.x through 2.4.1, update to a version later than 2.4.1.