09 Jan '13, 4pm

Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

A significant flaw in the Ruby on Rails web development framework might have put thousands of websites at risk of being hacked, researchers warned today. The vulnerability, which has been patched, lies in the XML parsing functionality in Ruby on Rails and could be exploited just by making a request to an application based on the framework. An advisory posted yesterday notified people of the flaw in the Ruby on Rails ‘Action Pack’. “This vulnerability is critical and given the popularity of Ruby on Rails, the impact is huge,” Claudio Guarnieri, security researcher at Rapid7, told TechWeekEurope. “From a technical standpoint it’s a very interesting and challenging vulnerability that can be exploited in several different ways with very dangerous outcomes, from SQL injection to code execution. “Organisations that adopt Ruby on Rails in their appli...

Full article: http://www.techweekeurope.co.uk/news/huge-ruby-on-rails-v...

Tweets

Critical Ruby on Rails flaws fixed, upgrade imm...

net-security.org 09 Jan '13, 2pm

For the second week in a row since the start of the new year, users of open source web application framework Ruby on Rails...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...

Unsafe Query Generation Risk in Ruby on Rails (...

groups.google.com 08 Jan '13, 8pm

Ruby on Rails

insinuator.net 08 Jan '13, 9pm

As you might remember YAML formatted parameters are not enabled by default in Rails due to YAML (or more specifically the ...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

Sites Built With Ruby On Rails Suffer New Vulne...

allthingsd.com 09 Jan '13, 4pm

Here’s something new in the way of security worries: Weaknesses in Ruby on Rails. A significant vulnerability has been fou...

Serious vulnerability in Ruby on Rails allowing...

reddit.com 08 Jan '13, 11pm

An attacker can execute any ruby code he wants including system("unix command"). This affects any rails version for the la...

Critical Flaws Patched in Ruby on Rails

threatpost.com 08 Jan '13, 9pm

"There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentica...

Ruby on Rails pushing out 'extremely critical' fixes: Workaround available.

Ruby on Rails pushing out 'extremely critical' ...

scmagazine.com.au 09 Jan '13, 2am

The maintainers of Ruby on Rails have pushed out the second update in a week to fix a critical hole in the framework which...

Read @adamjodonnell's insights on the latest Ru...

blog.sourcefire.com 09 Jan '13, 8pm

A little under 24 hours ago two major, long-standing vulnerabilities were announced in the popular web programming framewo...

Ruby on Rails patches more critical vulnerabilities: Those using the Ruby on Rails web application framework on

Ruby on Rails patches more critical vulnerabili...

news.hitb.org 09 Jan '13, 10am

Those using the Ruby on Rails web application framework on their websites are being advised to update the software immedia...

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported, “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

Vulnerability in Ruby on Rails could bring 200,000 sites down

Vulnerability in Ruby on Rails could bring 200,...

geek.com 10 Jan '13, 12pm

In the realm of computer security there are bugs, and then there are bugs. The latter refers to a real showstopper — the...