Ruby on Rails Security

Some Versions of Ruby on Rails Vulnerable to New Parsing Attack

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arbitrary SQL code, inject and execute arbitrary code and perform a denial of service attack on a Ruby on Rails app.

Ruby Closes XSS Flaw With Update

The Ruby developers have issued version 1.9.1-p430 of the Ruby programming language, a security update that addresses a cross-site scripting (XSS) vulnerability. Read the full article. [The H Security]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.