Bitcoin Forum
Author Topic: To All Rails Developers: SQL Injection Flaw Haunts All Ruby on Rails Versions  (Read 3359 times)
dust
February 01, 2013, 04:56:45 AM
 #21

Good article on HN today: http://www.kalzumeus.com/2013/01/31/what-the-rails-security-issue-means-for-your-startup/

Quote from: Patrick
The first reported compromise of a production system was in an industry which hit the trifecta of amateurs-at-the-helm, seedy-industry-by-nature, and under-constant-attack.

Cryptocoin Mining Info | OTC | PGP | Twitter | freenode: dust-otc | BTC: 1F6fV4U2xnpAuKtmQD6BWpK3EuRosKzF8U
dust
February 12, 2013, 05:33:13 AM
 #22

Bumping with another Rails vulnerability announced today: http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection

davout
February 12, 2013, 08:58:56 AM
 #23

FTR, it affects only older versions of Rails; if you have upgraded after the last CVE, you are not affected.
