[LRUG] Security issues in gems
Mark Burns
markthedeveloper at gmail.com
Sat Jan 19 21:59:38 PST 2013
I don't think I've seen any mention on the list, so I thought it would be
worth bringing up. There's a bunch of popular libraries that are affected
by the same parameter parsing vulnerability as Rails was recently.
https://gist.github.com/4532291
If you have most of your projects grouped in folders you can do this to
quickly see if you are vulnerable due to some dependencies (assuming
bundler for everything):
ack "crack|httparty|multi_xml|exlib|nori" */Gemfile.lock
That command could maybe be improved by a bash/regex wizard to parse
version numbers too, but it was sufficiently time saving for me.
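Added example, not part of Mark's post: a small POSIX shell script that does what the post suggests, scanning `Gemfile.lock` files for the gems he lists and printing the pinned version of each, so the numbers can be compared against the fixed versions in the linked gist. It reads only the 4-space-indented lines under `specs:`, which carry the resolved version (`    crack (0.3.1)`), and skips the deeper-indented dependency constraint lines (`      crack (>= 0.3.1)`) that the plain `ack` also matches. The gem list is the one from the post; the sample lockfile is constructed for the demo and is not taken from any real project.

```shell
#!/bin/sh
# Added example: report pinned versions of the gems named in the post
# from one or more Gemfile.lock files (bundler format).

# Gem names from the post; the pattern anchors so "nori" does not match "minori".
GEMS='^(crack|httparty|multi_xml|exlib|nori)$'

# scan_lockfile FILE: print "name version" for each matching resolved spec.
# Resolved specs are indented exactly 4 spaces and carry "(x.y.z)";
# 6-space dependency lines carry constraints like "(>= 0.3.1)" or nothing,
# so they are excluded by requiring a version that starts with a digit.
scan_lockfile() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  awk -v re="$GEMS" '
    /^    [^ ]/ {
      name = $1; ver = $2
      if (name ~ re && ver ~ /^\([0-9][^)]*\)$/) {
        gsub(/[()]/, "", ver)
        print name, ver
      }
    }' "$1"
}

# scan_tree DIR: same as the post's "*/Gemfile.lock" glob, one header per project.
scan_tree() {
  for f in "$1"/*/Gemfile.lock; do
    [ -f "$f" ] || continue
    echo "== $f"
    scan_lockfile "$f"
  done
}

# write_sample_lockfile FILE: constructed Gemfile.lock for the demo below.
# Versions are made up for illustration, not an advisory.
write_sample_lockfile() {
cat > "$1" <<'EOF'
GEM
  remote: https://rubygems.org/
  specs:
    crack (0.3.1)
    httparty (0.9.0)
      multi_json (~> 1.0)
      multi_xml
    multi_json (1.5.0)
    multi_xml (0.5.1)
    nori (1.1.3)
    rack (1.4.1)

PLATFORMS
  ruby

DEPENDENCIES
  httparty
  nori
EOF
}

# Demo: build a throwaway project tree, scan it, clean up.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/app"
write_sample_lockfile "$demo_dir/app/Gemfile.lock"
scan_tree "$demo_dir"
rm -rf "$demo_dir"
```

For a real checkout, drop the demo lines and run `scan_tree ~/projects` (or `scan_lockfile path/to/Gemfile.lock`); the output is one `name version` pair per affected gem, which is what you need to check against the gist.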