Developers fix new critical vulnerability in Ruby On Rails

Posted: January 30, 2013 in IT Security News

Developers have eliminated a dangerous vulnerability in Ruby on Rails that allows the execution of arbitrary code on the system.

Developers of the popular framework have released a security update that fixes a critical vulnerability in JSON data handling. The vulnerability allows an attacker to execute arbitrary code via a specially crafted HTTP POST request containing JSON that embeds YAML.

The vulnerability affects Ruby on Rails versions 3.0.19 and 2.3.15. Earlier versions may also be affected.

Recall that a few weeks ago an exploit appeared online that uses a vulnerability in the XML handler for Ruby on Rails. This is therefore the second dangerous vulnerability in the framework in January of this year. Last year, SecurityLab.ru released 5 security notifications for Ruby on Rails, describing 10 vulnerabilities. None of the 2012 vulnerabilities had a high risk rating.

A description of the vulnerability is available at: http://malwarelist.net/2013/01/30/execution-of-arbitrary-code-in-ruby-on-rails/

We encourage our readers to install the latest version of the software, 3.0.20 or 2.3.16, from the vendor's site.

Vendor URL: http://rubyonrails.org/
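An added example, not from the original post or the Rails project: a Ruby check that reads the locked rails version from a Gemfile.lock and compares it with the affected and fixed versions named above. The sample lockfile is constructed, and the helper names (`locked_rails_version`, `classify`) are hypothetical.

```ruby
require "rubygems" # provides Gem::Version for correct version ordering

# Fixed releases named in the article, keyed by release branch.
FIXED = {
  "3.0" => Gem::Version.new("3.0.20"),
  "2.3" => Gem::Version.new("2.3.16"),
}.freeze

# Versions the article names explicitly as affected.
CONFIRMED = %w[3.0.19 2.3.15].map { |v| Gem::Version.new(v) }.freeze

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.0.19)
        activesupport (= 3.0.19)
      rails (3.0.19)
        actionpack (= 3.0.19)
      railties (3.0.19)

  DEPENDENCIES
    rails (= 3.0.19)
LOCK

# Return the resolved rails version from Gemfile.lock text, or nil.
# Resolved gems are indented exactly four spaces; dependency
# constraints (six spaces) and the DEPENDENCIES section are skipped.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Classify a version using only what the article states.
def classify(version)
  return :rails_not_locked if version.nil?
  branch = version.segments.first(2).join(".")
  fixed = FIXED[branch]
  return :branch_not_covered_by_article unless fixed
  return :patched if version >= fixed
  # Older releases on the branch "may also be affected" per the article.
  CONFIRMED.include?(version) ? :affected : :possibly_affected
end

puts classify(locked_rails_version(SAMPLE_LOCK)) if __FILE__ == $PROGRAM_NAME
```

Branches other than 3.0 and 2.3 are reported as not covered because the article gives no version data for them.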
