Critical vulnerability in Ruby on Rails parameter parsing
Source: H Security - Posted by Dave Wreski   
The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following the public disclosure of flaws in the parsing of XML-formatted parameters in the Rails framework. The update also fixes an unrelated issue with JSON parameter parsing. No exploits of the flaws are currently reported to be in the wild, but following the disclosure that is merely a matter of time. All versions of Rails are affected by the flaw, and updates are available in the form of versions 3.2.11, 3.1.10, 3.0.19 and 2.3.15. Where developers cannot update in a timely fashion, the advice is to disable XML-formatted parameter support.
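
An added example, not from the article or the Rails project: a Ruby check that reads a Gemfile.lock and compares the locked Rails version with the fixed releases listed above. The sample lockfile is constructed, the function and constant names are hypothetical, and release lines newer than those the article names are reported as unknown.

```ruby
require "rubygems"

# Fixed releases named in the article, keyed by release line (major.minor).
FIXED_RELEASES = {
  "3.2" => Gem::Version.new("3.2.11"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.0" => Gem::Version.new("3.0.19"),
  "2.3" => Gem::Version.new("2.3.15"),
}.freeze

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.8)
      rails (3.2.8)
        actionpack (= 3.2.8)

  DEPENDENCIES
    rails (= 3.2.8)
LOCK

# Resolved gems sit at a four-space indent under "specs:"; the deeper and
# shallower "rails (= ...)" lines are constraints, not the locked version.
def locked_rails_version(lockfile_text)
  match = lockfile_text.match(/^ {4}rails \(([^)\s]+)\)$/)
  match && match[1]
end

# Returns :patched, :vulnerable, or :unknown (line newer than the article covers).
def rails_status(version_string)
  version = Gem::Version.new(version_string)
  fixed = FIXED_RELEASES[version.segments.first(2).join(".")]
  if fixed
    # Pre-releases such as 3.2.11.rc1 sort below the fixed release.
    version >= fixed ? :patched : :vulnerable
  elsif version < Gem::Version.new("2.3")
    # Older lines have no fixed release in the article's list.
    :vulnerable
  else
    :unknown
  end
end

if __FILE__ == $PROGRAM_NAME
  locked = locked_rails_version(SAMPLE_LOCK)
  puts "rails #{locked}: #{rails_status(locked)}"
end
```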
