Ruby on Rails Fixes Vulnerabilities

Thursday, February 20, 2014 @ 05:02 PM gHale

Ruby on Rails fixed three vulnerabilities in its new releases 4.0.3, 3.2.17 and 4.1.0.beta2: a data injection issue, a cross-site scripting issue and a denial-of-service issue.

The developers said the vulnerabilities fixed in 3.2.17 have the following identifiers: CVE-2014-0081 and CVE-2014-0082. In Rails 4.0.3, developers fixed CVE-2014-0080 and CVE-2014-0081.

In 4.1.0.beta2, the list of security fixes includes CVE-2014-0080 and CVE-2014-0081.

CVE-2014-0080 is a data injection vulnerability impacting Active Record. The flaw can be exploited to add data to array columns in PostgreSQL databases.

CVE-2014-0081 refers to a cross-site scripting (XSS) vulnerability in the “number_to_currency,” “number_to_percentage” and “number_to_human” helpers.

CVE-2014-0082 is a denial-of-service (DoS) issue in Action View. The issue affects the text rendering component in Action View.

Users should update their installations as soon as possible.
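
To check whether an application still needs that update, the following added example (not code from the article or from the Rails project) reads the Rails version pinned in a Bundler Gemfile.lock and compares it with the fixed release for its series as listed above. The function names and the sample lockfile are hypothetical and constructed for illustration; series the article does not mention are reported as such rather than guessed.

```ruby
require "rubygems" # Gem::Version understands prereleases such as 4.1.0.beta2

# Fixed releases and the CVEs each one closes, as listed in the article.
FIXED_RELEASES = {
  "3.2" => { fixed: "3.2.17",      cves: %w[CVE-2014-0081 CVE-2014-0082] },
  "4.0" => { fixed: "4.0.3",       cves: %w[CVE-2014-0080 CVE-2014-0081] },
  "4.1" => { fixed: "4.1.0.beta2", cves: %w[CVE-2014-0080 CVE-2014-0081] }
}.freeze

# Return the rails version pinned in Gemfile.lock text, or nil if absent.
# Only the "specs:" entries (4-space indent) carry the resolved version.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)\s]+)\)\s*$/)
  m && m[1]
end

# Return a hash describing whether the locked version lacks the fixes.
def audit_rails(lockfile_text)
  version = locked_rails_version(lockfile_text)
  return { status: :no_rails } unless version

  series = version.split(".").first(2).join(".")
  entry = FIXED_RELEASES[series]
  # Series the article does not mention: report, do not guess.
  return { status: :series_not_listed, version: version } unless entry

  if Gem::Version.new(version) < Gem::Version.new(entry[:fixed])
    { status: :missing_fixes, version: version, upgrade_to: entry[:fixed], cves: entry[:cves] }
  else
    { status: :fixed, version: version }
  end
end

# Constructed sample lockfile fragment (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (4.0.2)
        actionpack (= 4.0.2)
        activerecord (= 4.0.2)

  DEPENDENCIES
    rails (~> 4.0.0)
LOCK

p audit_rails(SAMPLE_LOCK)
```
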
