09 Jan '13, 1am

Ruby on Rails vulnerable to six year old flaw

A critical vulnerability has been discovered in Ruby on Rails that affects almost every version of the framework. A contributor to Rails, Aaron Patterson, raised the issue on a Google Groups thread, which focuses on security issues in Rails, stating that due to the way Rails parses certain XML parameters, an attacker could "bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application." "The parameter parsing code of Ruby on Rails allows applications to automatically cast values from strings to certain data types. Unfortunately, the type casting code supported certain conversions, which were not suitable for performing on user-provided data, including creating Symbols and parsing YAML [YAML Ain't Markup Language]. These unsuitable conversions can be used by an attacker to compromise a Rails applicati...

Full article: http://www.zdnet.com/ruby-on-rails-vulnerable-to-six-year...

Tweets

New flaw in Ruby on Rails:


infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported, “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

Any Ruby on Rails app is, badly, utterly, pwned...

groups.google.com 09 Jan '13, 3am


SQL Injection Flaw in Ruby on Rails, (Wed, Jan ...

isc.sans.edu 09 Jan '13, 2am

A SQL Injection Flaw (CVE-2012-5664) was announced last week (Jan 2) in Ruby on Rails, but I think we missed reporting on ...

Serious vulnerability in Ruby on Rails allowing...

reddit.com 08 Jan '13, 11pm

An attacker can execute any Ruby code he wants including system("unix command"). This affects any Rails version for the la...

Multiple vulnerabilities in Ruby on Rails

jvn.jp 09 Jan '13, 3am

US-CERT Vulnerability Note VU#380039 Ruby on Rails contains multiple vulnerabilities in parameter parsing in the Action Pa...

Extremely critical Ruby on Rails bug threatens ...

arstechnica.com 09 Jan '13, 12am

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability i...

First ShRUG of 2013, what's new in Rails 4 and ...

shrug.org 07 Jan '13, 9pm

Location: The Workstation, Conference Room 2 Time: 7pm to 8.30pm This month’s ShRUG talk is from James Almond on what’s in...

Ruby on Rails patches more critical vulnerabilities: Those using the Ruby on Rails web application framework on

Ruby on Rails patches more critical vulnerabili...

news.hitb.org 09 Jan '13, 10am

Those using the Ruby on Rails web application framework on their websites are being advised to update the software immedia...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...

Update Ruby now before it goes off the Rails


pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Rails

weblog.rubyonrails.org 08 Jan '13, 8pm

I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two extremely crit...

Ruby on Rails

insinuator.net 08 Jan '13, 9pm

As you might remember YAML formatted parameters are not enabled by default in Rails due to YAML (or more specifically the ...

Ruby on Rails Security Flaw Severe, but Not Widespread: Researcher

Ruby on Rails Security Flaw Severe, but Not Wid...

eweek.com 04 Jan '13, 1am

A security researcher finds a way to steal information from Web applications designed with Ruby on Rails and using a third...

Make 2013 the year you finally learn how to code! Join us at our 72-hour Ruby on Rails course. Details:

Make 2013 the year you finally learn how to cod...

hackeryou.com 08 Jan '13, 5am

Designed for beginners, this course will give you a solid foundation in Ruby on Rails. Ruby is known as one of the most be...