[LRUG] Serious Vulnerability in all versions of Rails. Upgrade now.

Michael Mokrysz sites at 46bit.com
Tue Jan 8 18:10:00 PST 2013


Mark, that's from the previous vulnerability, which for several reasons was
minor.

*This new vulnerability is about as serious as it gets. SQL Injection, Code
Execution, etc. are all possible on any Rails app, and well within the
skills of any script kiddie.*

You want to upgrade or mitigate this as soon as you possibly can.

On Wed, Jan 9, 2013 at 1:45 AM, Mark Burns <markthedeveloper at gmail.com> wrote:

> This gives a useful breakdown of the details
>
>
> http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
>
>
> On 9 January 2013 06:20, Matthew Rudy Jacobs <matthewrudyjacobs at gmail.com> wrote:
>
>> I guess you all know.
>>
>> But for anyone who hasn't yet heard.
>> All versions of Rails need to be upgraded or patched.
>>
>>
>> https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
>>
>> _______________________________________________
>> Chat mailing list
>> Chat at lists.lrug.org
>> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>
>>
>