Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability

Last Update Date: 29 Jan 2013 17:04 Release Date: 29 Jan 2013 4355 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability has been identified in Ruby on Rails JSON Parser. The JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

 

The JSON Parsing code in Rails 2.3 and 3.0 support multiple parsing backends. One of the backends involves transforming the JSON into YAML, and passing that through the YAML parser. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Ruby on Rails version 2.3.x, 3.0.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to Ruby on Rails version 3.0.20, 2.3.16
  • Workaround:
    • Switching backends to the JSONGem backend. Place this code in an application initializer:
      ActiveSupport::JSON.backend = "JSONGem"
      If you are running Ruby 1.8 you will need to ensure that the `json` or `json_pure` gems are installed and in your application's Gemfile. Ruby 1.9 includes this code already.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Mass Scam Email Impersonating HKCERT Distributing Malware

25 Jan 2013 4308 Views

Next

Apple iOS Multiple Vulnerabilities

30 Jan 2013 4682 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY