04 Jan '13, 3pm

Ruby on Rails security updates address SQL injection flaw

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for the Ruby programming language, released versions 3.2.10, 3.1.9, and 3.0.18 of the software on Wednesday in order to patch a serious SQL injection vulnerability. "These releases contain an important security fix," the Rails development team said in a blog post . "It is recommended that all users upgrade immediately." The vulnerability is located in the framework's Active Record database query interface and allows potential attackers to inject arbitrary SQL (Structured Query Language) statements. SQL injection vulnerabilities are commonly exploited by attackers to extract information from databases. The Rails developers apologized for releasing a security update so close to the holidays, but said that they were forced to rush out a patch because the vuln...

Full article: http://www.csoonline.com/article/725387/ruby-on-rails-sec...

Tweets

Ruby on Rails security updates address SQL inje...

networkworld.com 03 Jan '13, 7pm

IDG News Service - The developers of Ruby on Rails, a popular Web application development framework for the Ruby programmi...

Ruby on Rails security updates address SQL inje...

infoworld.com 03 Jan '13, 2pm

The developers of Ruby on Rails, a popular Web application development framework for the Ruby programming language, releas...

Ruby on Rails SQL Injection Flaw a Non-Issue for Most Organizations #ccureit

Ruby on Rails SQL Injection Flaw a Non-Issue fo...

securityweek.com 04 Jan '13, 12pm

“The Ruby on Rails SQL injection flaw highlighted in CVE-2012-5664 is a non-issue for most organizations and application d...

Ruby on Rails security updates address SQL inje...

news.techworld.com 03 Jan '13, 3pm

Ruby on Rails developers have released versions 3.2.10, 3.1.9, and 3.0.18 of the popular web application development frame...

Ruby on Rails updates address SQL injection fla...

computerworld.com 03 Jan '13, 3pm

IDG News Service - The developers of Ruby on Rails, a popular open source Web application development framework for the Ru...

Unsafe Query Generation Risk in Ruby on Rails (...

groups.google.com 08 Jan '13, 8pm

Dieser Browser wird nicht unterstützt.

Ruby on Rails Security Flaw Severe, but Not Widespread: Researcher

Ruby on Rails Security Flaw Severe, but Not Wid...

eweek.com 04 Jan '13, 1am

A security researcher finds a way to steal information from Web applications designed with Ruby on Rails and using a third...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

If you develop w/ Ruby on Rails, there's a SQL ...

blog.phusion.nl 04 Jan '13, 1pm

So to inject arbitrary SQL, you need to tamper with the cookie, which requires the HMAC key. The HMAC key is the so-called...

Ruby on Rails: vulnerabilità SQL Injection

blog.html.it 04 Jan '13, 11am

Recentemente è stata individuata una vulnerabilità a carico di Rails SQL che riguarderebbe tutte le versioni di Ruby on Ra...

Ruby on Rails security updates address SQL inje...

csoonline.com 13 Jan '13, 12am

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

Ruby on Rails has SQL injection vuln

theregister.co.uk 03 Jan '13, 10pm

The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular W...