securitybreach Posted January 3, 2013 Share Posted January 3, 2013 All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the maintainers of Ruby on Rails have released new versions that fixes the flaw, versions 3.2.10, 3.1.9 and 3.0.18. Ruby on Rails is a Web framework that's meant to make designing and deploying Web applications easier and simpler. The open-source framework is used by a wide variety of organizations. The advisory from the Ruby on Rails maintainers says that the problem lies in the way that dynamic finders in Active Record extract options from method parameters.... https://threatpost.c...versions-010313 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.