[DRE-maint] Bug#697722: rails: CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack
Henri Salo
henri at nerv.fi
Tue Jan 8 21:42:46 UTC 2013
Package: rails
Version: 2:2.3.14.2
Severity: grave
Tags: security
http://www.openwall.com/lists/oss-security/2013/01/08/14
https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
"""
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. This vulnerability has been assigned the CVE identifier CVE-2013-0156.
Versions Affected: ALL versions
Not affected: NONE
Fixed Versions: 3.2.11, 3.1.10, 3.0.19, 2.3.15
<snip>
"""
This probably affects squeeze and wheezy too. Please contact me in case you need any help!
- Henri Salo