04 Jan '13, 9pm

Versões do Ruby on Rails Afetadas por SQL Injection

Versões do Ruby on Rails Afetadas por SQL Injection

Três novas versões do popular framework Ruby on Rails, foi lançada na quarta-feira, a fim de corrigir uma vulnerabilidade de injeção SQL que afetou todas as versões anteriores do Rails. "Devido à forma dinâmica de finders em opções Active Record (métodos de parâmetros), um desses métodos pode ser usado erroneamente como um escopo. Se cuidadosamente trabalhado, o espaço pode ser usado para injeção de SQL arbitrária", explicou os desenvolvedores do framework. Nesse cenário, os usuários são aconselhados a atualizar imediatamente para uma das versões mais recentes (3.2.10, 3.1.9, 3.0.18) se possível. Se por qualquer razão eles não puderem fazê-lo imediatamente, devem instalar um patch para a sua versão (3.2, 3.1, 3.0 ou 2.3). As correções estão disponíveis para download, e uma solução para mitigação de riscos também foi oferecida. Saiba Mais: [1] Net Security http://www.net-se...

Full article: https://under-linux.org/content.php?r=5808-Vers%C3%B5es-d...

Tweets

Ruby on Rails: vulnerabilità SQL Injection

blog.html.it 04 Jan '13, 11am

Recentemente è stata individuata una vulnerabilità a carico di Rails SQL che riguarderebbe tutte le versioni di Ruby on Ra...

Ruby on Rails SQL Injection Flaw a Non-Issue for Most Organizations #ccureit

Ruby on Rails SQL Injection Flaw a Non-Issue fo...

securityweek.com 04 Jan '13, 12pm

“The Ruby on Rails SQL injection flaw highlighted in CVE-2012-5664 is a non-issue for most organizations and application d...

Ruby on Rails: Vulnerabilidade SQL injection pa...

linuxnewmedia.com.br 06 Jan '13, 4pm

Atenção programadores: Os desenvolvedores do Ruby on Rails estão alertando para uma vulnerabilidade do tipo SQL Injection ...

Ruby on Rails security updates address SQL inje...

csoonline.com 04 Jan '13, 3pm

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...

Ruby on Rails has SQL injection vuln

theregister.co.uk 03 Jan '13, 10pm

The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular W...

Ruby on Rails SQL injection issue

Ruby on Rails SQL injection issue

lwn.net 03 Jan '13, 1am

Ruby on Rails SQL injection issue [Posted January 3, 2013 by corbet] Ruby on Rails SQL injection issue [Security] Posted J...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

Ruby on Rails updates address SQL injection fla...

computerworld.com 03 Jan '13, 3pm

IDG News Service - The developers of Ruby on Rails, a popular open source Web application development framework for the Ru...

All Ruby on Rails versions affected by SQL inje...

net-security.org 03 Jan '13, 3pm

Three new versions of popular open source web application framework Ruby on Rails have been released on Wednesday in order...

Ruby on Rails security updates address SQL inje...

networkworld.com 03 Jan '13, 7pm

IDG News Service - The developers of Ruby on Rails, a popular Web application development framework for the Ruby programmi...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

Injection SQL sur toutes les versions de Ruby o...

linuxfr.org 03 Jan '13, 5pm

(aka RoR, un framwork de développement web open source populaire et basé sur Ruby) viennent d'émettre une alerte concernan...

sql injection vulnerability in Active Record in...

permalink.gmane.org 02 Jan '13, 9pm

SQL Injection Vulnerability in Ruby on Rails There is a SQL injection vulnerability in Active Record in ALL versions. This...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...