30 Jan '13, 9pm

Django: 16 vulnerabilities. DoS, XSS, CSRF. Rails: 36. Includes SQL Injection, code execution.

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

Full article: http://www.cvedetails.com/vulnerability-list/vendor_id-10...

Tweets

Django: 16 vulnerabilities. DoS, XSS, CSRF. Rai...

cvedetails.com 30 Jan '13, 9pm

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and ...

#toronto Ruby on rails receives the third secur...

news.techworld.com 30 Jan '13, 11am

Developers of the Ruby on Rails web development framework have released versions 3.0.20 and 2.3.16 of the software in orde...

Ruby on Rails receives the third security patch...

news.techworld.com 30 Jan '13, 9am

Developers of the Ruby on Rails web development framework have released versions 3.0.20 and 2.3.16 of the software in orde...

Email newsletter tool (Amazon SES, #Django or R...

freelancer.com 30 Jan '13, 11pm

I’m considering Ruby on Rails or Django as the framework for this project. I need to build a web based email newsletter/ma...

Ruby on Rails receives the third security patch...

networkworld.com 30 Jan '13, 1pm

IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the so...

Ruby on Rails receives third security patch in ...

computerworld.com 30 Jan '13, 9am

IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the so...

Ruby on Rails receives the third security patch in less than a month

Ruby on Rails receives the third security patch...

pcworld.com 29 Jan '13, 9pm

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in...

Ruby on Rails receives its third security patch...

infoworld.com 29 Jan '13, 7pm

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in...

[remote] - Ruby on Rails JSON Processor YAML De...

exploit-db.com 29 Jan '13, 3pm

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple...

Ruby on Rails JSON Processor YAML Deserializati...

packetstormsecurity.com 29 Jan '13, 4pm

This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails a...

#Vulnerabilities Ruby on Rails XML Processor YA...

net-security.org 22 Jan '13, 6pm

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and ...

#jobs #sql Developer: Salary/Rate: £30000 - £40...

technojobs.co.uk 03 Feb '13, 12pm

Developer - Django, Ruby on Rails, Scala, Play, Java 30,000-40,000 per annum My client, a leading consultancy is actively ...

security

kalzumeus.com 31 Jan '13, 3pm

Many Rails developers have not reacted to this news with the alacrity they should have. (See next question.) These applica...

Troisième mise à jour de sécurité pour Ruby On ...

developpez.com 30 Jan '13, 2pm

Ruby On Rails, le framework Web libre écrit en Ruby reçoit pour la troisième fois consécutive en l’espace d’un mois seulem...

Ruby on Rails 3.0.20 and 2.3.16 Released to Add...

news.softpedia.com 29 Jan '13, 10am

Ruby on Rails 3.0.20 and 2.3.16 have been released. Users are advised to update their installations as soon as possible be...