Ruby on Rails 'convert_json_to_yaml()' Method Security Vulnerability

Ruby on Rails is prone to a security vulnerability related to the JSON parser.

Successful exploits may allow an attacker to bypass certain security restrictions, execute arbitrary code in the context of the affected application, exploit latent vulnerabilities in the underlying database, deny service to legitimate users, or perform unauthorized actions. Other attacks are also possible.

This issue is fixed in:

Ruby on Rails 2.3.16
Ruby on Rails 3.0.20


 

Copyright 2010, SecurityFocus