[LRUG] Serious Vulnerability in all versions of Rails. Upgrade now.

Stephen Bartholomew stephenbartholomew at gmail.com
Fri Jan 11 08:54:36 PST 2013


All the common exploits leverage Psych's automatic hash instantiation to
run arbitrary code.  Because that's not present in 1.8.7 (and early 1.9.2)
I'm struggling to replicate on some older deployments.

Has anyone found other methods being used?

(just to clarify, I'm totally patched/updated - just exploring the exploit
and testing)

S
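As an added illustration of the defensive side of the mechanism described above (this is not code from the thread): the tagged-node instantiation that the common exploits relied on is exactly what Psych's restricted loader refuses. The two YAML documents below are constructed samples; `load_untrusted_yaml` is a hypothetical helper name.

```ruby
require 'yaml'

# Constructed sample documents (not taken from the original thread).
# A plain mapping, which a parser should turn into an ordinary Hash.
PLAIN_DOC = "---\nname: widget\ncount: 3\n".freeze

# A mapping carrying a class tag. A full YAML.load would allocate the
# named class and populate it from the document; that is the behaviour
# the thread refers to as Psych's automatic hash instantiation.
TAGGED_DOC = "--- !ruby/hash:Hash\nname: widget\n".freeze

# Parses YAML that came from an untrusted source (e.g. a request body).
# Returns [:ok, value] for plain data and [:rejected, error_class] when
# the document asks the loader to instantiate a Ruby class, since
# Psych.safe_load permits no classes or symbols unless listed explicitly.
def load_untrusted_yaml(doc)
  value = Psych.safe_load(doc)
  [:ok, value]
rescue Psych::DisallowedClass => e
  [:rejected, e.class.name]
end

if __FILE__ == $PROGRAM_NAME
  p load_untrusted_yaml(PLAIN_DOC)
  p load_untrusted_yaml(TAGGED_DOC)
end
```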
