Ruby

http://s.erious.ly

Author Archive

CSRF Protection Bypass in Ruby on Rails

There is a vulnerability in Ruby on Rails which could allow an attacker to circumvent the CSRF protection provided. This vulnerability has been assigned the CVE Identifier CVE-2011-0447. Versions Affected: 2.1.0 and above Not affe...

New Releases: 2.3.11 and 3.0.4

Two new versions of Ruby On Rails have been released today. As well as including a number of bugfixes they contain fixes for some security issues. The full details of each of the vulnerabilities are available on the rubyonrails-security ...

Security Vulnerability in Nested Attributes code in Ruby On Rails 2.3.9 and 3.0.0

There is a vulnerability in the nested attributes handling code in some versions of Ruby on Rails. An attacker could manipulate form parameters and make changes to records other than those the developer intended. This vulnerability has be...

Ruby on Rails 2.3.4: Security Fixes

We’ve released Ruby on Rails 2.3.4, this release fixes bugs and introduces a few minor features. Due to the inclusion of two security fixes, all users of the 2.3 series are recommended to upgrade as soon as possible. Security Fixes ...

Timing Weakness in Ruby on Rails

There is a weakness in the code Ruby on Rails uses to verify message digests in the cookie store. Because it uses a non-constant time algorithm to verify the signatures an attacker may be able to determine when a forged signature is parti...

XSS Vulnerability in Ruby on Rails

There is a vulnerability in the escaping code for the form helpers in Ruby on Rails. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. Versio...

Minor Changes to the Rails Security Policy

After reviewing the feedback on the two recent security announcements we’ve made a few minor changes to the Ruby on Rails security policy. The first change we’ve made is to include more information on what to do if you don’t recei...

DoS Vulnerability in Ruby

A Denial of Service vulnerability has been found and fixed in ruby. The vulnerability is due to the BigDecimal method mishandling certain large input values and can cause the interpreter to crash. This could be used by an attacker to cra...

Security Problem with authenticate_with_http_digest

A security problem has been reported with the digest authentication code in Ruby on Rails. This vulnerability can allow users to bypass your password protection. This vulnerability has been publicly disclosed on several websites, users a...