Ruby on Rails fails to properly validate input. This may allow a remote attacker to execute arbitrary code on a vulnerable system.
Ruby on Rails is a web application programming framework. Ruby on Rails 1.1.4 and earlier contain a vulnerability in the processing of user input. Rails 1.0 and earlier are not affected.
A remote attacker may be able to execute arbitrary code on a vulnerable system.
Upgrade or patch
This vulnerability has been addressed in Ruby on Rails 1.1.6.
This vulnerability was publicly reported by David August.
This document was written by Will Dormann.
Date First Published: 2006-08-11
Date Last Updated: 2006-09-08 21:51 UTC