Code Injection Bug Report
Unknown
Vulnerability Details
Good morning, I hope this message finds you well. On 22 November 2019, I emailed [email protected] about a Code Injection bug on cache.ruby-lang.org, as the ruby-lang.org website is considered out-of-scope on H1. On 24 November 2019 the bug was acknowledged and [a patch](https://github.com/ruby/cache.r-l.o/commit/8739ca125f412a0cf2583b4b49a10ea52c75ff5f) released. This morning, 27 November 2019, I was asked to open this ticket.
## Impact
A lack of filtering on the cache.ruby-lang.org website enabled persons to inject code into the page, spoofing messages to the user, or redirecting them to malicious websites.
Report Stats
- Report ID: 745921
- State: Closed
- Substate: resolved
- Upvotes: 8