Archives - 29 January 2013, Tuesday - OpenRuby.com

Follow @openruby

Archives - 29 January 2013, Tuesday

Ronin - Rails PoC exploit for CVE-2013-0333

ronin-ruby.github.com 29 Jan '13, 6am

$ rails_omakase http://localhost:3000/secrets "puts 'lol'" lol Started POST "/secrets" for 127.0.0.1 at 2013-01-28 18:53:18 -0800 Processing by SecretsController#show as Parameters: {"_json"=>#<ActionDispatch::Routing::RouteSet::NamedRouteCollection:0x00000002221080 @routes={:"foo\nen...
Related:
1. who was the joker that did this? @postmodern_mod3 @homakov rubygems.org 30 Jan '13, 8am
2. Weitere kritische Lücke in Ruby on Rails geschlossen | heise online heise.de 29 Jan '13, 1pm
3. Weitere kritische Lücke in Ruby on Rails geschlossen | heise Security heise.de 29 Jan '13, 2pm
4. Ruby on Rails JSON Processor YAML Deserialization Code Execution exploit-db.com 29 Jan '13, 3pm
5. Some Versions of Ruby on Rails Vulnerable to New Parsing Attack threatpost.com 29 Jan '13, 6pm
6. JVNVU#90935667: Ruby on Rails の JSON 解析処理に脆弱性 jvn.jp 29 Jan '13, 3am
Weitere kritische Lücke in Ruby on Rails geschlossen | heise online

heise.de 29 Jan '13, 1pm

Das Ruby-Entwicklerteam hat eine sehr kritische Lücke in dem Web-Framework Ruby on Rails (RoR) geschlossen, durch die ein Angreifer Code in den Server einschleusen kann. Wer einen Server mit RoR betreibt, sollte umgehend handeln, da bereits passende Exploits kursieren. Betroffen sind ...
Related:
1. Weitere kritische Lücke in Ruby on Rails geschlossen | heise Security heise.de 29 Jan '13, 2pm
2. В Ruby on Rails устранена очередная критическая уязвимость: Разработчики ус... securitylab.ru 29 Jan '13, 11pm
3. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
4. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
5. Ronin - Rails PoC exploit for CVE-2013-0333 ronin-ruby.github.com 29 Jan '13, 6am
6. JVNVU#90935667: Ruby on Rails の JSON 解析処理に脆弱性 jvn.jp 29 Jan '13, 3am
7. Ruby on Rails | Graphic Design | Ruby & Ruby on Rails freelancer.com 04 Feb '13, 8am
8. Ruby on Rails JSON Processor YAML Deserialization Code Execution exploit-db.com 29 Jan '13, 3pm
Metasploit: Serialization Mischief Redux: Explo... | SecurityStreet

community.rapid7.com 29 Jan '13, 10pm

This afternoon, another scary advisory was posted to the Ruby on Rails security discussion list. Fortunately, this one doesn't affect any Metasploit products. The previous advisory (that HD talked about here ) dealt with Rails parameter parsing of XML from a POST request. The short ve...
Related:
1. Ruby on Rails JSON Processor YAML Deserialization Code Execution: ## # This... securitylab.ru 29 Jan '13, 10pm
2. who was the joker that did this? @postmodern_mod3 @homakov rubygems.org 30 Jan '13, 8am
Vers gat in Ruby on Rails laat malware binnen

webwereld.nl 29 Jan '13, 8am

Het nieuwe lek raakt oudere versies van Ruby on Rails (RoR): de 2.3- en 3.0-reeks. De meest actuele versie is 3.2.11 die op 8 januari is uitgebracht, volgend op de openbaarmaking van een groot SQL-injectiegat in het ontwikkel- en ontwerpplatform voor webapplicaties. Omzeilen, injecter...
Related:
1. В Ruby on Rails устранена очередная критическая уязвимость: Разработчики ус... securitylab.ru 29 Jan '13, 11pm
2. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
3. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
4. JVNVU#90935667: Ruby on Rails の JSON 解析処理に脆弱性 jvn.jp 29 Jan '13, 3am
5. Ruby on Rails | Graphic Design | Ruby & Ruby on Rails freelancer.com 04 Feb '13, 8am
6. de match tussen freelancer en opdrachtgever. freelance.nl 28 Jan '13, 8pm
7. Ruby on Rails の JSON のパラメータ解析の脆弱性により任意のコードを実行される脆弱性（CVE-2013-0333）に関する検証レポート security.intellilink.co.jp 01 Feb '13, 5am
8. Some Versions of Ruby on Rails Vulnerable to New Parsing Attack threatpost.com 29 Jan '13, 6pm
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack

threatpost.com 29 Jan '13, 6pm

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arb...
Related:
1. Ruby on Rails receives the third security patch in less than a month pcworld.com 29 Jan '13, 9pm
2. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 9am
3. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
4. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
5. В Ruby on Rails устранена очередная критическая уязвимость: Разработчики ус... securitylab.ru 29 Jan '13, 11pm
6. Ruby on Rails receives its third security patch in less than a month | Secu... infoworld.com 29 Jan '13, 7pm
7. Ruby-coloured glasses: XML-YAML-parsing security fix for older versions of ... rubyglasses.blogspot.com 27 Jan '13, 3am
8. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 11am
Ruby on Rails receives the third security patch in less than a month

pcworld.com 29 Jan '13, 9pm

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in order to address a critical remote code execution vulnerability. This is the third security update released in January for Ruby on Rails , an increasingly popular...
Related:
1. Ruby on Rails receives its third security patch in less than a month | Secu... infoworld.com 29 Jan '13, 7pm
2. Ruby on Rails receives the third security patch in less than a month networkworld.com 30 Jan '13, 1pm
3. Ruby on Rails receives third security patch in less than a month - Computer... computerworld.com 30 Jan '13, 9am
4. Internet Cable DSL PC Malware Free Removal Download: Ruby on Rails receives... free-malware-removal.blogspot.com 29 Jan '13, 10pm
5. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 9am
6. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 11am
7. Spyware & Virus Removal Service | PCNix Toronto Computer Repair pcnix.ca 30 Jan '13, 2pm
8. Some Versions of Ruby on Rails Vulnerable to New Parsing Attack threatpost.com 29 Jan '13, 6pm
Integrated Online Network Survey Tool | Amazon Web Services | HTML5 | MySQL | PHP | Ruby & Ruby on Rails

freelancer.com 29 Jan '13, 1am

FiftyOne North is a management consultancy that specialises in unlocking business outcomes by connecting people, strategy, and investments. We have developed a proprietary assessment methodology to reveal how organisational networks impact business performance. We are seeking a softwa...
Related:
1. Configure my EC2 server ASAP! | Amazon Web Services | PHP | Ruby & Ruby on ... freelancer.com 28 Jan '13, 11am
Ruby on Railsに新たな脆弱性、アップデートやパッチの適用を - ITmedia エンタープライズ

itmedia.co.jp 29 Jan '13, 5am

Ruby on RailsのJSON解析処理に脆弱性（JVN） Rails 3.0.20, and 2.3.16 have been released! Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
Related:
1. Ruby on Railsに新たな脆弱性、アップデートやパッチの適用を（ITmedia エンタープライズ） - Yahoo!ニュース headlines.yahoo.co.jp 29 Jan '13, 5am
2. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
3. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
4. Ruby 2.0.0-rc2 rubyflow.ru 09 Feb '13, 10am
JVNVU#90935667: Ruby on Rails の JSON 解析処理に脆弱性

jvn.jp 29 Jan '13, 3am

Ruby on Rails [SEC][ANN] Rails 3.0.20, and 2.3.16 have been released! Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
Related:
1. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
2. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
3. Ruby on Rails の JSON のパラメータ解析の脆弱性により任意のコードを実行される脆弱性（CVE-2013-0333）に関する検証レポート security.intellilink.co.jp 01 Feb '13, 5am
4. Ruby on Rails JSON Processor YAML Deserialization Code Execution exploit-db.com 29 Jan '13, 3pm
5. Ruby on Rails JSON Processor YAML Deserialization Code Execution ≈ Packet S... packetstormsecurity.com 29 Jan '13, 4pm
6. Ruby on Rails Programming | Ruby & Ruby on Rails freelancer.com 28 Jan '13, 9pm
7. В Ruby on Rails устранена очередная критическая уязвимость: Разработчики ус... securitylab.ru 29 Jan '13, 11pm
8. Vers gat in Ruby on Rails laat malware binnen webwereld.nl 29 Jan '13, 8am
2013 Resume | Resume Builder

resume.linkedinlabs.com 29 Jan '13, 1pm

I am a software engineer with over 8 years of experience in frontend and backend web development, data engineering and machine learning. I am passionate about agile development, continuous integration and code reviews. I am interested in open source, open web standards, and digital ri...
Related:
1. Ruby on Rails JSON Processor YAML Deserialization Code Execution exploit-db.com 29 Jan '13, 3pm
2. Some Versions of Ruby on Rails Vulnerable to New Parsing Attack threatpost.com 29 Jan '13, 6pm
Episode #340 - January 29th, 2013

ruby5.envylabs.com 29 Jan '13, 6pm

January 25th, 2013 PartyFoul gem opens GitHub issues for Rails exceptions … GitHub code search improvements … Curly template language … Rails path matching with JavaScript … Twitter’s SecureHeaders gems … Custom RSpec example groups … punch and pie. January 22nd, 2013 Stretch your Ela...
Ruby on Rails JSON Processor YAML Deserialization Code Execution ≈ Packet Storm

packetstormsecurity.com 29 Jan '13, 4pm

This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the cont...
Related:
1. Ruby on Rails JSON Processor YAML Deserialization Code Execution exploit-db.com 29 Jan '13, 3pm
2. Ruby on Rails JSON Processor YAML Deserialization Code Execution: ## # This... securitylab.ru 29 Jan '13, 10pm
3. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
4. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
5. Ruby on Rails JSON Processor YAML Deserialization Code Execution net-security.org 03 Feb '13, 7am
6. JVNVU#90935667: Ruby on Rails の JSON 解析処理に脆弱性 jvn.jp 29 Jan '13, 3am
7. Ruby on Rails の JSON のパラメータ解析の脆弱性により任意のコードを実行される脆弱性（CVE-2013-0333）に関する検証レポート security.intellilink.co.jp 01 Feb '13, 5am
8. Ruby on Rails XML Processor YAML Deserialization Code Execution net-security.org 22 Jan '13, 6pm
Ruby on Rails 3.0.20 and 2.3.16 Released to Address Extremely Critical Vulnerability

news.softpedia.com 29 Jan '13, 10am

Ruby on Rails 3.0.20 and 2.3.16 have been released. Users are advised to update their installations as soon as possible because the new releases address an extremely critical vulnerability. Ruby on Rails 2.3.x and Ruby on Rails 3.0.x are affected by the security hole. The vulnerabilit...
Related:
1. [SEC][ANN] Rails 3.0.20, and 2.3.16 have been released! weblog.rubyonrails.org 28 Jan '13, 9pm
2. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
3. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
4. Troisième mise à jour de sécurité pour Ruby On Rails en un mois, Rails 3.0.... developpez.com 30 Jan '13, 2pm
5. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 9am
6. Some Versions of Ruby on Rails Vulnerable to New Parsing Attack threatpost.com 29 Jan '13, 6pm
7. Ruby on Rails receives the third security patch in less than a month pcworld.com 29 Jan '13, 9pm
8. Ruby 2.0.0-rc2 is released ruby-lang.org 08 Feb '13, 2pm
Internet Cable DSL PC Malware Free Removal Download: Ruby on Rails receives the third security patch in less than a month

free-malware-removal.blogspot.com 29 Jan '13, 10pm

Internet Cable DSL PC Malware Free Removal Download Remove Adware Spyware and Viruses Yourself Easily!
Related:
1. Ruby on Rails receives the third security patch in less than a month pcworld.com 29 Jan '13, 9pm
2. Ruby on Rails receives its third security patch in less than a month | Secu... infoworld.com 29 Jan '13, 7pm
3. Ruby on Rails receives the third security patch in less than a month networkworld.com 30 Jan '13, 1pm
4. Ruby on Rails receives third security patch in less than a month - Computer... computerworld.com 30 Jan '13, 9am
5. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 9am
6. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 11am
7. Spyware & Virus Removal Service | PCNix Toronto Computer Repair pcnix.ca 30 Jan '13, 2pm
gem install queryable_array

rubyflow.com 29 Jan '13, 7pm

gem install queryable_array Posted by shuber on January 29, 2013 — 1 comment Provides a simplified DSL allowing arrays of objects to be searched by their attributes https://github.com/shuber/queryable_array Comments There's some discussion about it over at reddit.com/r/ruby shuber...
Weitere kritische Lücke in Ruby on Rails geschlossen | heise Security

heise.de 29 Jan '13, 2pm

Das Ruby-Entwicklerteam hat eine sehr kritische Lücke in dem Web-Framework Ruby on Rails (RoR) geschlossen, durch die ein Angreifer Code in den Server einschleusen kann. Wer einen Server mit RoR betreibt, sollte umgehend handeln, da bereits passende Exploits kursieren. Betroffen sind ...
Related:
1. Weitere kritische Lücke in Ruby on Rails geschlossen | heise online heise.de 29 Jan '13, 1pm
2. Ruby on Rails receives the third security patch in less than a month pcworld.com 29 Jan '13, 9pm
3. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 9am
4. В Ruby on Rails устранена очередная критическая уязвимость: Разработчики ус... securitylab.ru 29 Jan '13, 11pm
5. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
6. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
7. Ruby on Rails receives its third security patch in less than a month | Secu... infoworld.com 29 Jan '13, 7pm
8. Ruby on Rails receives third security patch in less than a month - Computer... computerworld.com 30 Jan '13, 9am
Ruby on Rails JSON Processor YAML Deserialization Code Execution

exploit-db.com 29 Jan '13, 3pm

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Explo...
Related:
1. Ruby on Rails JSON Processor YAML Deserialization Code Execution ≈ Packet S... packetstormsecurity.com 29 Jan '13, 4pm
2. Ruby on Rails JSON Processor YAML Deserialization Code Execution: ## # This... securitylab.ru 29 Jan '13, 10pm
3. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
4. Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 groups.google.com 28 Jan '13, 9pm
5. Ruby on Rails JSON Processor YAML Deserialization Code Execution net-security.org 03 Feb '13, 7am
6. JVNVU#90935667: Ruby on Rails の JSON 解析処理に脆弱性 jvn.jp 29 Jan '13, 3am
7. Ruby on Rails の JSON のパラメータ解析の脆弱性により任意のコードを実行される脆弱性（CVE-2013-0333）に関する検証レポート security.intellilink.co.jp 01 Feb '13, 5am
8. Ruby on Rails Programming | Ruby & Ruby on Rails freelancer.com 28 Jan '13, 9pm
Developer - Your Net Works, Inc.

jobs.37signals.com 29 Jan '13, 3am

A San Francisco based social media company is looking for a Ruby on Rails Developer for a full time contract for an online multi-language social media application.We have designed and created an awesome Ruby-on-Rails system.We are looking for someone to help us to take it to next leve...
Related:
1. Ruby on Rails Programming | Ruby & Ruby on Rails freelancer.com 28 Jan '13, 9pm
2. Developer contractjob.net 04 Feb '13, 11am
3. Developer position is located in Seattle Washington | San Francisco | eBay ... bayarea.ebayclassifieds.com 28 Jan '13, 12pm
4. de match tussen freelancer en opdrachtgever. freelance.nl 28 Jan '13, 8pm
5. В Ruby on Rails устранена очередная критическая уязвимость: Разработчики ус... securitylab.ru 29 Jan '13, 11pm
6. Become a Ruby on Rails Developer: An Intensive 5 Week Course skillshare.com 30 Jan '13, 7pm
7. Jon Ku - Rails Developer youtube.com 31 Jan '13, 10pm
Are all Ruby built-in objects thread safe?

ruby-forum.com 29 Jan '13, 10pm

Just Another Victim of the Ambient Morality wrote: > Are all built-in objects thread safe? For example, if I have an array > and one thread is constant appending to it while another thread is shifting > elements off of it and there's no synchronization going on, can the array > object...
Jobs | Lunar Logic - launching high-orbit web apps since 2004

jobs.lunarlogicpolska.com 29 Jan '13, 9am

We’re looking for hotshot Ruby on Rails programmers . If you live and breathe Ruby, we bet you'll like working with us - we eat Ruby for breakfast, dinner and supper. And dessert. Are you up for it? All you need is just 2 years of experience in Ruby on Rails and communicative English....
Checkout API Enhancements

spreecommerce.com 29 Jan '13, 8pm

Posted January 29, 2013 by John Dyer Comments The Spree team has been working hard the last few months to make our API really robust. In November we announced the complete refactoring of the API to include a brand new Backbone.js based administration interface and a new documentation ...
В Ruby on Rails устранена очередная критическая уязвимость: Разработчики устранили опасную уязвимость в Ruby on ...

securitylab.ru 29 Jan '13, 11pm
Related:
1. Some Versions of Ruby on Rails Vulnerable to New Parsing Attack threatpost.com 29 Jan '13, 6pm
2. Ruby on Rails JSON Processor YAML Deserialization Code Execution exploit-db.com 29 Jan '13, 3pm
3. JVNVU#90935667: Ruby on Rails の JSON 解析処理に脆弱性 jvn.jp 29 Jan '13, 3am
4. Weitere kritische Lücke in Ruby on Rails geschlossen | heise Security heise.de 29 Jan '13, 2pm
5. Weitere kritische Lücke in Ruby on Rails geschlossen | heise online heise.de 29 Jan '13, 1pm
6. 【セキュリティニュース】「Ruby on Rails」に深刻な脆弱性 - 今月2度目のアップデート：Security NEXT security-next.com 29 Jan '13, 6am
7. Vers gat in Ruby on Rails laat malware binnen webwereld.nl 29 Jan '13, 8am
8. Developer - Your Net Works, Inc. jobs.37signals.com 29 Jan '13, 3am
Ruby on Rails receives its third security patch in less than a month | Security - InfoWorld

infoworld.com 29 Jan '13, 7pm

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in order to address a critical remote code execution vulnerability. This is the third security update released in January for Ruby on Rails, an increasingly popular ...
Related:
1. Ruby on Rails receives the third security patch in less than a month pcworld.com 29 Jan '13, 9pm
2. Ruby on Rails receives third security patch in less than a month - Computer... computerworld.com 30 Jan '13, 9am
3. Ruby on Rails receives the third security patch in less than a month networkworld.com 30 Jan '13, 1pm
4. Internet Cable DSL PC Malware Free Removal Download: Ruby on Rails receives... free-malware-removal.blogspot.com 29 Jan '13, 10pm
5. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 9am
6. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 11am
7. Spyware & Virus Removal Service | PCNix Toronto Computer Repair pcnix.ca 30 Jan '13, 2pm
8. Some Versions of Ruby on Rails Vulnerable to New Parsing Attack threatpost.com 29 Jan '13, 6pm
Ruby on Rails JSON Processor YAML Deserialization Code Execution: ## # This file is part of the Metasploit Frame...

securitylab.ru 29 Jan '13, 10pm
Related:
1. Ruby on Rails JSON Processor YAML Deserialization Code Execution exploit-db.com 29 Jan '13, 3pm
2. Ruby on Rails JSON Processor YAML Deserialization Code Execution ≈ Packet S... packetstormsecurity.com 29 Jan '13, 4pm
3. Metasploit: Serialization Mischief Redux: Explo... | SecurityStreet community.rapid7.com 29 Jan '13, 10pm
4. Ruby on Rails XML Processor YAML Deserialization Code Execution net-security.org 22 Jan '13, 6pm
Ruby on Railsに新たな脆弱性、アップデートやパッチの適用を（ITmedia エンタープライズ） - Yahoo!ニュース

headlines.yahoo.co.jp 29 Jan '13, 5am

「Foxit Advanced PDF Editor」にバッファオーバーフローの脆弱性（JVN）（ScanNetSecurity ） 8時0分「WebYaST」にホスト一覧を改ざんされる脆弱性、パッチの適用を（JVN）（ScanNetSecurity ） 8時0分 Ruby on Railsで任意のRubyコードが実行される脆弱性の検証レポート（NTTデータ先端技術）写真（ScanNetSecurity ） 25日(金)14時44分
Related:
1. Ruby on Railsに新たな脆弱性、アップデートやパッチの適用を - ITmedia エンタープライズ itmedia.co.jp 29 Jan '13, 5am
【セキュリティニュース】「Ruby on Rails」に深刻な脆弱性 - 今月2度目のアップデート：Security NEXT

security-next.com 29 Jan '13, 6am

「Ruby on Rails」に深刻な脆弱性 - 今月2度目のアップデート「Ruby on Rails」に深刻な脆弱性が見つかり、アップデートが公開された。1月8日に公開されたアップデートとは異なる内容のため注意する必要がある。同ソフトにおける「JSON」の解析処理に脆弱性「CVE-2013-0333」が判明したもの。1月8日に「Action Pack」の脆弱性2件を修正するアップデートが公開されたばかりだが、それとは異なる脆弱性が見つかったという。脆弱性情報サイトJVNによれば、インターネット経由で脆弱性に対する攻撃が可能で、悪用された場合、任意のコードを...
Related:
1. В Ruby on Rails устранена очередная критическая уязвимость: Разработчики ус... securitylab.ru 29 Jan '13, 11pm
2. Ruby on Rails | Graphic Design | Ruby & Ruby on Rails freelancer.com 04 Feb '13, 8am
3. Ruby on Rails の JSON のパラメータ解析の脆弱性により任意のコードを実行される脆弱性（CVE-2013-0333）に関する検証レポート security.intellilink.co.jp 01 Feb '13, 5am
4. Installing Ruby on Rails on Windows 7 vía @codejobs codejobs.biz 09 Feb '13, 6am
5. Ruby on Rails receives the third security patch in less than a month pcworld.com 29 Jan '13, 9pm
6. Ruby on Rails receives the third security patch this month - Techworld.com news.techworld.com 30 Jan '13, 9am
7. JVNVU#90935667: Ruby on Rails の JSON 解析処理に脆弱性 jvn.jp 29 Jan '13, 3am