Rails SQL injection vulnerability 3 Jan 13
A security problem affecting all versions of Rails has been discovered. The vulnerability affects apps which use dynamic finders with Active Record.
The original bug report has more detail about this vulnerability – CVE-2012-5664.
Customers who are able to should upgrade to one of the new versions of Rails listed in the bug report (3.2.10, 3.1.9, or 3.0.18). Otherwise, you should audit your apps’ code for instances of dynamic finders, with a view to applying the workaround.
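To help with the audit step, here is a small added example (not Brightbox's or the Rails project's code) that lists Active Record dynamic finder calls in Ruby source and marks the ones whose arguments are taken from request-controlled objects, since those are the calls to review first. The finder name patterns, the list of "untrusted" objects, and the sample controller are all assumptions constructed for this example; treat the output as a starting point for manual review, not a verdict.

```ruby
# Added example (not from the original post): heuristic auditor for Active Record
# dynamic finders. Assumed finder shapes: find_by_*, find_all_by_*, find_last_by_*,
# find_or_create_by_*, find_or_initialize_by_*, scoped_by_* (find_by_sql excluded).
DYNAMIC_FINDER = /\b(find_(?:all_|last_)?by_(?!sql\b)\w+|find_or_(?:create|initialize)_by_\w+|scoped_by_\w+)\s*(?:\(([^)]*)\)|([^#\n]*))/

# Objects that usually carry request data in a Rails app (assumption for this example).
UNTRUSTED = /\b(params|cookies|session|request)\b/

Finding = Struct.new(:file, :line, :finder, :args, :untrusted)

# Scan one source string; returns one Finding per dynamic finder call found.
def audit_dynamic_finders(source, file = "(string)")
  findings = []
  source.each_line.with_index(1) do |text, lineno|
    next if text.lstrip.start_with?("#")            # skip comment-only lines
    text.scan(DYNAMIC_FINDER) do |finder, paren_args, bare_args|
      args = (paren_args || bare_args || "").strip
      findings << Finding.new(file, lineno, finder, args, !!(args =~ UNTRUSTED))
    end
  end
  findings
end

# Only the calls whose arguments mention a request-controlled object.
def flagged(source, file = "(string)")
  audit_dynamic_finders(source, file).select(&:untrusted)
end

# Human-readable report lines, one per finder call.
def report(source, file = "(string)")
  audit_dynamic_finders(source, file).map do |f|
    marker = f.untrusted ? "REVIEW" : "ok    "
    "#{marker} #{f.file}:#{f.line} #{f.finder}(#{f.args})"
  end
end

# Constructed sample controller used when no file is given on the command line.
SAMPLE = <<~RUBY
  class SessionsController < ApplicationController
    def show
      # constructed sample: finder arguments taken straight from the request
      @user  = User.find_by_name(params[:name])
      @login = UserSession.find_by_persistence_token params[:token]
      @admin = User.find_by_login("admin")          # literal, not request data
      rows   = User.find_by_sql("select 1")         # not a dynamic finder
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  if ARGV.empty?
    puts report(SAMPLE, "sample.rb")
  else
    ARGV.each { |path| puts report(File.read(path), path) }
  end
end
```

Run it with one or more paths (e.g. `ruby audit_finders.rb app/models/*.rb app/controllers/*.rb`) to get a `REVIEW`/`ok` line per call; with no arguments it scans the built-in sample. The regex is deliberately simple: multi-line argument lists and finders called through `send` will be missed, so use it to narrow the audit, not to close it.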
