
Watch out for the latest security patch to deal with authentication bypass for RoR


Ruby on Rails framework developers have been continuously releasing security updates for the last two weeks. The recent updates, versions 3.0.20 and 2.3.16, address a remote code execution vulnerability. This was the third security patch released this month. The developers have said that these updates are extremely important, and have advised users of the 3.0.x and 2.3.x Rails framework to update as soon as possible.

The security update fixes a vulnerability in the Rails JSON code that allowed hackers to bypass the authentication system and inject arbitrary SQL into the application database. It could occasionally be used for denial-of-service attacks too. The Rails developers have also pointed out that they currently support only the 2.3.x, 3.1.x, and 3.2.x versions and might release an update for the 3.0.x version.

The most recent vulnerability was identified as CVE-2013-0333, which was patched in the framework on 8th of Jan. Ruby on Rails developers using Rails 2.3 and 3.0 are also advised to install the new fixes even if they installed the fix for CVE-2013-0156 earlier.

Brief Summary

  • Affected versions: 2.3.x, 3.0.x
  • Unaffected versions: 3.1.x, 3.2.x, and applications using the yajl gem
  • Fixed versions: 3.0.20, 2.3.16
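One way to check a Gemfile.lock against the summary above, as an added example that is not from the original slides or from the Rails project. The function names, status symbols and sample lockfile are constructed for illustration, and it assumes the yajl gem appears in the lockfile as `yajl-ruby`; its presence alone does not prove it is the JSON backend in use, so that case is flagged for manual review.

```ruby
require "rubygems"

# Fixed versions per affected series, taken from the summary above.
FIXED = {
  "2.3" => Gem::Version.new("2.3.16"),
  "3.0" => Gem::Version.new("3.0.20"),
}.freeze

# Constructed sample lockfile for demonstration only.
SAMPLE_LOCK = <<'LOCK'
GEM
  remote: https://rubygems.org/
  specs:
    activesupport (3.0.19)
    rails (3.0.19)
      activesupport (= 3.0.19)
LOCK

# Collect resolved gems. In a Gemfile.lock they are indented exactly four
# spaces; a gem's own dependency constraints are indented six and are skipped.
def locked_gems(lockfile_text)
  gems = {}
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    gems[m[1]] = m[2] if m
  end
  gems
end

# Classify a lockfile against the affected/fixed versions listed above.
def cve_2013_0333_status(lockfile_text)
  gems = locked_gems(lockfile_text)
  raw = gems["activesupport"] || gems["rails"]
  return :rails_not_found unless raw

  version = Gem::Version.new(raw)
  fixed = FIXED[version.segments.first(2).join(".")]
  return :not_in_affected_series unless fixed
  return :patched if version >= fixed

  # Assumption: yajl-ruby in the lockfile only hints at the yajl backend.
  gems.key?("yajl-ruby") ? :vulnerable_unless_yajl_backend : :vulnerable
end

puts cve_2013_0333_status(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```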
