Ruby on Rails CVE-2013-0156 Multiple Security Vulnerabilities

Ruby on Rails is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. These vulnerabilities include a security-bypass vulnerability, an SQL-injection vulnerability, a denial-of service vulnerability, and an arbitrary code execution vulnerability.

An attacker can exploit these vulnerabilities to bypass certain security restrictions, execute arbitrary code in the context of the affected application, exploit latent vulnerabilities in the underlying database, deny service to legitimate users, or perform unauthorized actions. Other attacks are also possible.

These issues are fixes in:

Ruby on Rails 2.3.15
Ruby on Rails 3.0.19
Ruby on Rails 3.1.10
Ruby on Rails 3.2.11


Privacy Statement
Copyright 2010, SecurityFocus