13 matches found
openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)
The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. ...
Ruby on Rails 远程代码执行漏洞(CVE-2013-0277)
BUGTRAQ ID: 57898 CVECAN ID: CVE-2013-0277 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.x、2.3.x中的活动记录允许远程攻击者通过特制的序列化属性造成拒绝服务或执行任意代码,这些特制的属性可造成+serialize+ helper反序列化任意YAML。 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 2.3.x 厂商补丁: Ruby on Rails...
Fedora Update for rubygem-activerecord FEDORA-2013-2351
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 17 : rubygem-activerecord-3.0.11-6.fc17 (2013-2351)
Fix for CVE-2013-0277. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
[SECURITY] [DSA 2620-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2620-1 [email protected] http://www.debian.org/security/ Florian Weimer February 12, 2013 http://www.debian.org/security/faq -...
Ruby on Rails Patches DoS, Remote Execution Flaws
Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...
CVE-2013-0277
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...
CVE-2013-0277
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause YAML deserialization in the serialize helper. Remediation: upgrade to Rails 2.3.17+ (and for 3.x, apply the ...
Debian DSA-2620-1 : rails - several vulnerabilities
Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. - CVE-2013-0276 The blacklist provided by the attrprotected method could be bypassed with crafted requests, having an application-specific impact. - CVE-2013-0277 In some applications, the...
[SECURITY] [DSA 2620-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2620-1 [email protected] http://www.debian.org/security/ Florian Weimer February 12, 2013 http://www.debian.org/security/faq -...
DSA-2620-1 rails - several
Bulletin has no description...
CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...
Debian: Security Advisory (DSA-2620-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...