Ruby on Rails Multiple Vulnerabilities

Last Update Date: 14 Feb 2013 15:13 Release Date: 14 Feb 2013 3500 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

Two vulnerabilities have been discovered in Ruby on Rails, a Ruby framework for web application development.

  1. The blacklist provided by the attr_protected method could be bypassed with crafted requests, having an application-specific impact.
  2. In some applications, the +serialize+ helper in ActiveRecord could be tricked into deserializing arbitrary YAML data, possibly leading to remote code execution.

Impact

  • Remote Code Execution

System / Technologies affected

  • Version prior to 2.3.5-1.2+squeeze7

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Updated to version 2.3.5-1.2+squeeze7

Vulnerability Identifier

Source

Related Link

Share with

Previous

Adobe Flash Player Multiple Vulnerabilities

8 Feb 2013 4858 Views

Next

PostgreSQL Array Index Error Vulerability

8 Feb 2013 4253 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY