The Ruby on Rails Action Pack framework is susceptible to authentication bypass, SQL injection, arbitrary code execution, or denial of service.
The Ruby on Rails advisory states:
"Multiple vulnerabilities in parameter parsing in Action Pack
A Ruby on Rails application that uses Action Pack is susceptible to authentication bypass, SQL injection, arbitrary code execution or denial of service.
Apply an Update
The Ruby on Rails advisory states the following workarounds:
Ruby on Rails
This vulnerability was reported to the Ruby on Rails security team by Ben Murphy, Magnus Holm, Felix Wilhelm, Darcy Laycock, Jonathan Rudenberg, Bryan Helmkamp, Benoist Claassen and Charlie Somerville.
This document was written by Jared Allar.
Date First Published: 2013-01-08
Date Last Updated: 2013-01-11 23:19 UTC