Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Programming Ruby Security IT

All Ruby On Rails Versions Suffer SQL Injection Flaw 81 81

Trailrunner7 writes with the news as posted at Threatpost (based on this advisory) that "All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the maintainers of Ruby on Rails have released new versions that fix the flaw, versions 3.2.10, 3.1.9 and 3.0.18. The advisory recommends that users running affected versions, which is essentially anyone using Ruby on Rails, upgrade immediately to one of the fixed versions, 3.2.10, 3.1.9 or 3.0.18. The vulnerability lies specifically in the Ruby on Rails framework, and its presence doesn't mean that all of the apps developed on vulnerable versions are susceptible to the bug."
This discussion has been archived. No new comments can be posted.

All Ruby On Rails Versions Suffer SQL Injection Flaw

Comments Filter:

"May the forces of evil become confused on the way to your house." -- George Carlin

Working...