[LRUG] Serious Vulnerability in all versions of Rails. Upgrade now.
Matthew Rudy Jacobs
matthewrudyjacobs at gmail.com
Wed Jan 9 02:13:21 PST 2013
On 9 Jan, 2013 4:30 AM, "Najaf Ali" <ali at happybearsoftware.com> wrote:
>
> +1, this vulnerability allows you to run more or less whatever code you
> like in any application, even if you don't have controllers.
I think this bit is interesting.
Parameters get parsed before a route is matched. And this vulnerability
occurs right at this point.
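
Added example, not part of the original message and not Rails source: a simplified model of the ordering described above, showing that a request to a path with no route still reaches the body parser. All names (`parse_body`, `eager_stack`, `lazy_stack`, `ROUTES`) and the sample request are hypothetical and constructed for illustration; the JSON parser stands in for whatever decoder the stack runs on request bodies.

```ruby
require "json"

PARSE_LOG = [] # records every request path whose body reached the parser

# Stand-in body parser: the point where untrusted bytes get decoded.
def parse_body(env)
  PARSE_LOG << env[:path]
  JSON.parse(env[:body])
rescue JSON::ParserError
  {}
end

# The only route the application defines.
ROUTES = { "/posts" => ->(params) { [200, "created #{params['title']}"] } }

# Innermost app: dispatches to a handler or answers 404.
ROUTER = lambda do |env|
  handler = ROUTES[env[:path]]
  return [404, "not found"] unless handler
  handler.call(env[:params] || {})
end

# Ordering described in the message: parameters are parsed, then a route is matched.
def eager_stack(env)
  ROUTER.call(env.merge(params: parse_body(env)))
end

# Contrast ordering: the body is only parsed once a route has matched.
def lazy_stack(env)
  return [404, "not found"] unless ROUTES.key?(env[:path])
  ROUTER.call(env.merge(params: parse_body(env)))
end

# Sends one constructed request for an unrouted path through both orderings.
def demo
  req = { path: "/no-such-route", body: '{"title":"x"}' }
  PARSE_LOG.clear
  eager = eager_stack(req)
  eager_parsed = PARSE_LOG.dup
  PARSE_LOG.clear
  lazy = lazy_stack(req)
  { eager_status: eager[0], eager_parsed: eager_parsed,
    lazy_status: lazy[0], lazy_parsed: PARSE_LOG.dup }
end
```

Both orderings answer 404, but only the eager one has already run the parser on the body, which is why the absence of routes or controllers does not reduce exposure to a parser-level flaw.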