Ruby on Rails Patched Again

For the third time this month, the developers of Ruby on Rails have released an update to patch a serious vulnerability.

"The Rails developers described the updates released Monday as 'extremely critical' in a blog post and advised all users of the 3.0.x and 2.3.x Rails software branches to update immediately," writes Computerworld's Lucian Constantin. "According to a corresponding security advisory, the newly released Rails versions address a vulnerability in the Rails JSON (JavaScript Object Notation) code that allows attackers to bypass authentication systems, inject arbitrary SQL (Structured Query Language) into an application's database, inject and execute arbitrary code or perform a denial-of-service (DoS) attack against an application."

"Ruby on Rails has had a bit of a tough go of it on the security front to start off 2013," writes Threatpost's Christopher Brook. "A SQL injection vulnerability affected all builds of the framework earlier this month that could’ve let an attacker inject code into web apps. While that was quickly patched, another problem with the framework emerged a few days later. Bugs surfaced that could have affected the way Ruby on Rails parses some parameters."