Security Policy
Reporting a Vulnerability
If you have any security concern, contact [email protected].
Scope
We consider the following issues as vulnerabilities:
-
Remote code execution
-
Crash caused by a valid Ruby script
We don’t consider the following issues as vulnerabilities:
-
Runtime C undefined behavior (including integer overflow)
-
Crash caused by misused API
-
Crash caused by modified compiled binary
-
ASAN/Valgrind warning for too big memory allocation mruby assumes
malloc(3)returnsNULLfor too big allocations