03 Jan '13, 3pm

All Ruby on Rails versions affected by SQL injection flaw

Three new versions of popular open source web application framework Ruby on Rails have been released on Wednesday in order to fix an SQL injection vulnerability that affected all the previous versions of Rails. "Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL," explained the framework's developers. "We're sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don't feel we can delay the release," they concluded. Users are advised to upgrade immediately to one of the newer versions (3.2.10, 3.1.9, and 3.0.18) if possible. If for whatever reason they cannot do it immediately, they should install a patch for their version (3.2, 3.1, 3.0 or 2....

Full article: http://www.net-security.org/secworld.php?id=14173

Tweets

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

Ruby on Rails security updates address SQL inje...

news.techworld.com 03 Jan '13, 3pm

Ruby on Rails developers have released versions 3.2.10, 3.1.9, and 3.0.18 of the popular web application development frame...

sql injection vulnerability in Active Record in...

permalink.gmane.org 02 Jan '13, 9pm

SQL Injection Vulnerability in Ruby on Rails There is a SQL injection vulnerability in Active Record in ALL versions. This...

Ruby on Rails updates address SQL injection fla...

computerworld.com 03 Jan '13, 3pm

IDG News Service - The developers of Ruby on Rails, a popular open source Web application development framework for the Ru...

SQL injection vulnerability hits all Ruby on Ra...

h-online.com 03 Jan '13, 9am

The Ruby on Rails developers are warning of an SQL injection vulnerability that affects all current versions of the web fr...

Ruby on Rails security updates address SQL inje...

networkworld.com 03 Jan '13, 7pm

IDG News Service - The developers of Ruby on Rails, a popular Web application development framework for the Ruby programmi...

SQL Injection Vulnerability in Ruby on Rails; a...

news.ycombinator.com 02 Jan '13, 9pm

You are going to have problems with this whenever you are composing SQL statement with any type of user-provided data as p...

SQL injection vulnerability hits all Ruby on Ra...

h-online.com 03 Jan '13, 9am

The Ruby on Rails developers are warning of an SQL injection vulnerability that affects all current versions of the web fr...

Ruby on Rails security updates address SQL inje...

infoworld.com 03 Jan '13, 2pm

The developers of Ruby on Rails, a popular Web application development framework for the Ruby programming language, releas...

Ruby on Rails has SQL injection vuln

theregister.co.uk 03 Jan '13, 10pm

The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular W...

#Anonymous #Cyberwar CVE-2012-5664 :All Ruby on...

ehackingnews.com 04 Jan '13, 1am

A SQL Injection vulnerability has been discovered in Ruby on Rails that affects all current versions of the web framework....

Injection SQL sur toutes les versions de Ruby o...

linuxfr.org 03 Jan '13, 5pm

(aka RoR, un framwork de développement web open source populaire et basé sur Ruby) viennent d'émettre une alerte concernan...