09 Jan '13, 4pm

Sites Built With Ruby on Rails Suffer New Vulnerability

Here’s something new in the way of security worries: Weaknesses in Ruby on Rails. A significant vulnerability has been found in the popular Web application development framework that can let attackers do unintended things. It’s the second vulnerability — here’s the advisory on the first — detected in Ruby on Rails in as many weeks. First word of the new vulnerability appeared on a Google group devoted to Ruby on Rails security , and Felix Wilhelm, an IT Security blogger, posted some details about how the vulnerability works, without much in the way of detail. The vulnerability allows an attacker to take control of a Web site built using Ruby on Rails, and to execute any code they want. Here’s why you care: It’s one of the most popular Web development frameworks around. Sites built using it include Hulu, Funny or Die, and Scribd. Even Twitter was, in its earlier versions, b...

Full article: http://allthingsd.com/20130109/sites-built-with-ruby-on-r...

Tweets

Sites Built With Ruby On Rails Suffer New Vulne...

allthingsd.com 09 Jan '13, 4pm

Here’s something new in the way of security worries: Weaknesses in Ruby on Rails. A significant vulnerability has been fou...

Vulnerability in Ruby on Rails could bring 200,000 sites down

Vulnerability in Ruby on Rails could bring 200,...

geek.com 10 Jan '13, 12pm

In the realm of computer security there are bugs , and then there are bugs . The latter refers to a real showstopper — the...

Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

Are you running Rails? Have you upgraded? If no...

techweekeurope.co.uk 09 Jan '13, 4pm

A significant flaw on the Ruby on Rails web development framework might have put thousands of websites at risk of being ha...

Serious vulnerability in Ruby on Rails allowing...

reddit.com 08 Jan '13, 11pm

An attacker can execute any ruby code he wants including system("unix command"). This effects any rails version for the la...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...

Extremely critical Ruby on Rails bug threatens ...

linuxtoday.com 09 Jan '13, 8pm

Extremely critical Ruby on Rails bug threatens more than 200,000 sites Jan 09, 2013, 11:00 (0 Talkback[s] ) Tweet Hundreds...

Ruby on Rails derails 240,000 sites with enormo...

theregister.co.uk 10 Jan '13, 3pm

Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities - one allowing anyone to ...

Update Ruby now before it goes off the Rails

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Extremely critical Ruby on Rails bug threatens ...

arstechnica.com 09 Jan '13, 12am

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability i...

Extremely critical Ruby on Rails bug threatens ...

mukpin.com 10 Jan '13, 1pm

Extremely critical Ruby on Rails bug threatens more than 200,000 sites hundreds of thousands of websites are potentially a...

Ruby on Rails patches more critical vulnerabilities: Those using the Ruby on Rails web application framework on

Ruby on Rails patches more critical vulnerabili...

news.hitb.org 09 Jan '13, 10am

Those using the Ruby on Rails web application framework on their websites are being advised to update the software immedia...

New flaw in Ruby on Rails:

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported , “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

Extremely critical Ruby on Rails bug threatens ...

reddit.com 09 Jan '13, 2am

No, what you need is a descriptive language that gives designers what they want and then hook everything up by calling som...

Rails vulnerabilities are not Rails'

revision-zero.org 12 Jan '13, 6pm

Would it make sense for Rails controllers to accept YAML-encoded parameters? Of course it does. URL-encoded, XML, and JSON...

.@appboy patches its servers after Ruby on Rail...

blog.appboy.com 11 Jan '13, 5pm

Earlier this week, a serious advisory was posted to the Ruby on Rails security discussion list . Unknown hacker groups had...