Ruby on Rails 3.2.11 released to address 2 "extremely critical" vulnerabilities

Ruby on Rails 3.2.11 Released to Address 2 “Extremely Critical” Vulnerabilities - Softpedia

Ruby on Rails 3.2.11 released to address 2 "extremely critical" vulnerabilities

Less than one week has passed since Ruby on Rails 3.2.10 was released to address an SQL Injection vulnerability. However, yesterday, the developers were forced to issue another update because of two “extremely critical” security holes. One of the vulnerabilities exists when Active Record is used in conjunction with JSON parameter parsing. An attacker can leverage the flaw to issue unexpected database queries. The security bug does not allow the attacker to insert arbitrary values into an SQL query, but he can “cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.” The second issue is represented by multiple vulnerabilities in parameter parsing in Action Pack. The weaknesses can be exploited to bypass authentication systems, inject arbitrary code, and even perform DOS attacks on Rails applications. Considering the critical nature ...

Full article: http://news.softpedia.com/news/Ruby-on-Rails-3-2-11-Relea...

Tweets

@StudioCouCou » 10 Jan '13, 4pm
All the studio's Rails apps have now been patched for the "Extremely Critical" vulnerability published yesterday. :) [link]
@RealBelahzur » 10 Jan '13, 1am
Ruby on Rails 3.2.11 Released to Address 2 âExtremely Criticalâ Vulnerabilities [link] via @softpedia
@tteri80 » 09 Jan '13, 11am
RT @CyberCrimeNEWS: Ruby on Rails 3.2.11 Released to Address 2 “Extremely Critical” Vulnerabilities [link] #ccureit
@rwnash » 09 Jan '13, 11am
RT @gcluley: RT @EduardKovacs Ruby on Rails 3.2.11 released to address 2 "extremely critical" vulnerabilities [link]
@CyberCrimeNEWS » 09 Jan '13, 11am
Ruby on Rails 3.2.11 Released to Address 2 “Extremely Critical” Vulnerabilities [link] #ccureit
@gcluley » 09 Jan '13, 11am
RT @EduardKovacs Ruby on Rails 3.2.11 released to address 2 "extremely critical" vulnerabilities [link]
@SecMash » 09 Jan '13, 11am
#InfoSec Ruby on Rails 3.2.11 Released to Address 2 “Extremely Critical” Vulnerabilities [link] #CyberSecurity
@starkeymagazine » 09 Jan '13, 10am
#News Ruby on Rails 3.2.11 Released to Address 2 “Extremely Critical” Vulnerabilities [link] #Softpedia
@DJM1968 » 09 Jan '13, 11am
RT @gcluley: RT @EduardKovacs Ruby on Rails 3.2.11 released to address 2 "extremely critical" vulnerabilities [link]
@CcureIT » 09 Jan '13, 11am
Ruby on Rails 3.2.11 Released to Address 2 “Extremely Critical” Vulnerabilities [link] #ccureit
@EduardKovacs » 09 Jan '13, 11am
Ruby on Rails 3.2.11 released to address 2 "extremely critical" vulnerabilities [link]