Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately

thewhir.com 10 Jan '13, 4pm

Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately

A vulnerability discovered on the Ruby on Rails web application framework allows attackers to bypass authentication systems to inject arbitrary SQL or code Related Topics: hackers , Ruby On Rails , ruby on rails framework , Security A vulnerability discovered on the Ruby on Rails web application framework allows attackers to bypass authentication systems to inject arbitrary SQL or code, according to a report by Ars Technica on Tuesday. The vulnerability has been called the worst ever detected on the Ruby on Rails framework since it impacts all of the past six years of Rails versions. Ben Murphy, a developer that was part of a group that discovered the vulnerability told Ars that though the attack is complex, it will work 100 percent of the time. Ruby on Rails released updated versions on Tuesday , which “contain two extremely critical security fixes.” This is a separate is...

Full article: http://www.thewhir.com/web-hosting-news/ruby-on-rails-vul...

Tweets

@rodrigomadrid » 10 Jan '13, 9pm
Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately via @thewhir [link]
@NicoleHenderson » 10 Jan '13, 8pm
Have you warned your customers about the @rubyonrails JSON and XML vulnerabilities? [link] They should be updating ASAP
@Poulinjf » 10 Jan '13, 8pm
RT @iweb: Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately [link]
@newhost25cc » 10 Jan '13, 4pm
[Web Hosting News] Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately [link]
@HostPuppy » 10 Jan '13, 4pm
Hosting News: Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately: January 10, 2013 -- A... [link]
@BlueAirHosting » 10 Jan '13, 4pm
Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately: January 10, 2013 -- A security vuln... [link]
@SkyNoxBackup » 10 Jan '13, 4pm
RT @theWHIR: Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately [link]
@theWHIR » 10 Jan '13, 4pm
Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately [link]
@BenSkyHosting » 10 Jan '13, 4pm
Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately [link]
@Web3Hosting » 10 Jan '13, 4pm
Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately: January 10, 2013 -- A security vuln... [link]
@SherWeb » 10 Jan '13, 4pm
RT @theWHIR: Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately [link]