Bumping with another critical vulnerability. Upgrade immediately!
https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ
Topic: To All Rails Developers: SQL Injection Flaw Haunts All Ruby on Rails Versions - page 2. (Read 3466 times)
January 08, 2013, 08:08:57 PM
January 03, 2013, 02:19:01 PM
CVE-2012-5664 for the record
January 03, 2013, 01:44:26 PM
Rails seems to be a popular development language for bitcoin. I think I've been hearing some sql injection attacks lately on some bitcoin websites but here is a story on it. (I've been accused of being a troll here for talking negatively on rails before):
https://threatpost.com/en_us/blogs/sql-injection-flaw-haunts-all-ruby-rails-versions-010313
Mod: Move this to Project Development. I put it in the wrong forum.
Quote
All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the maintainers of Ruby on Rails have released new versions that fixes the flaw, versions 3.2.10, 3.1.9 and 3.0.18.
https://threatpost.com/en_us/blogs/sql-injection-flaw-haunts-all-ruby-rails-versions-010313
Mod: Move this to Project Development. I put it in the wrong forum.
Jump to: