
Ruby on Rails Multiple Vulnerabilities

Last Update Date: 4 Dec 2013 09:30
Release Date: 4 Dec 2013

RISK: Medium Risk

TYPE: Servers - Web Servers


Multiple vulnerabilities were identified in Ruby on Rails. A remote user can cause denial of service conditions, conduct cross-site scripting attacks, and generate unsafe queries.

 

Several scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • 3.x prior to 3.2.16;
  • 4.0.0, 4.0.1

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix (3.2.16, 4.0.2).
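One way to check whether an application's Gemfile.lock pins a release in the affected ranges listed above. This is an added example, not part of the original advisory or the vendor's tooling; the sample lockfile is constructed, and checking the framework's component gems by the same version number is an assumption.

```ruby
# Affected ranges as listed in this advisory: 3.x prior to 3.2.16; 4.0.0, 4.0.1.
FIXED_3X = Gem::Version.new("3.2.16")
FIRST_4X = Gem::Version.new("4.0.0")
FIXED_4X = Gem::Version.new("4.0.2")

# Assumption: these component gems carry the same version number as the
# "rails" gem, so a vulnerable pin of any of them is reported too.
RAILS_GEMS = %w[rails actionmailer actionpack activemodel
                activerecord activesupport railties].freeze

# True when the version string falls inside a range the advisory lists.
def affected?(version)
  v = Gem::Version.new(version)
  return v < FIXED_3X if v.segments.first == 3
  v >= FIRST_4X && v < FIXED_4X
end

# Scans Gemfile.lock text and returns [[gem, version], ...] for affected pins.
# Resolved gems sit at exactly four spaces of indent under "specs:";
# their dependency constraints are indented six spaces and are skipped.
def affected_pins(lockfile_text)
  pins = []
  lockfile_text.each_line do |line|
    m = line.match(/^ {4}([\w-]+) \(([^)\s]+)\)\s*$/)
    next unless m && RAILS_GEMS.include?(m[1]) && Gem::Version.correct?(m[2])
    pins << [m[1], m[2]] if affected?(m[2])
  end
  pins
end

# Constructed sample lockfile, not taken from a real application.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.15)
        activemodel (= 3.2.15)
      activemodel (3.2.15)
      rack (1.4.5)
      rails (3.2.15)
        actionpack (= 3.2.15)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  affected_pins(text).each { |name, v| puts "AFFECTED: #{name} #{v}" }
end
```

Run it with the path to a Gemfile.lock as the only argument; with no argument it scans the constructed sample.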

Vulnerability Identifier


Source


Related Link