Package: rails
Version: 2:2.3.14.2
Severity: grave
Tags: security

http://www.openwall.com/lists/oss-security/2013/01/08/14
https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion

"""
Multiple vulnerabilities in parameter parsing in Action Pack

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. This vulnerability has been assigned the CVE identifier CVE-2013-0156.

Versions Affected: ALL versions
Not affected: NONE
Fixed Versions: 3.2.11, 3.1.10, 3.0.19, 2.3.15
<snip>
"""

This probably affects squeeze and wheezy too. Please contact me in case you need any help!

- Henri Salo