Watch out for the latest security patch to deal with the authentication bypass in RoR


The Ruby on Rails framework developers have been releasing security updates continuously over the last two weeks. The most recent updates, versions 3.0.20 and 2.3.16, address a remote code execution vulnerability. This was the third security patch released this month. The developers have described these updates as extremely important and have advised users of the 3.0.x and 2.3.x Rails framework to update as soon as possible.

The security update fixes a vulnerability in the Rails JSON code that allowed attackers to bypass the authentication system and inject arbitrary SQL into the application database; in some cases it could also be used for denial-of-service attacks. The Rails developers have also pointed out that they currently support only the 2.3.x, 3.1.x and 3.2.x versions, and might release an update for the 3.0.x version.

The most recent vulnerability is identified as CVE-2013-0333 and was patched in the framework on 8 January. Developers using Rails 2.3 and 3.0 are also advised to install the new fixes even if they have already installed the fix for CVE-2013-0156.


Brief Summary

  • Affected versions: 2.3.x, 3.0.x
  • Unaffected versions: 3.1.x, 3.2.x, and applications using the yajl gem
  • Fixed versions: 3.0.20, 2.3.16
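The summary above maps directly onto a version check an operator can run against a deployment. The following Ruby script is an added example for this post, not code from the Rails project: it encodes the fixed releases listed above, treats 3.1.x, 3.2.x and later branches as unaffected, and honours the note that applications using the yajl gem are not affected. The function names `rails_json_vulnerable?` and `installed_rails_status` and the `yajl:` keyword are assumptions made for this example.

```ruby
require "rubygems"

# First fixed release on each affected branch, taken from the summary above.
# Branches not listed here (3.1.x, 3.2.x and later) are unaffected.
FIXED_RAILS_JSON = {
  "2.3" => Gem::Version.new("2.3.16"),
  "3.0" => Gem::Version.new("3.0.20"),
}.freeze

# Returns true when the given Rails version still carries the JSON parsing
# flaw, i.e. it is on an affected branch and below that branch's fixed release.
# `yajl:` reflects the note that applications using the yajl gem are unaffected
# regardless of their Rails version (flag name is an assumption of this example).
def rails_json_vulnerable?(version_string, yajl: false)
  return false if yajl

  version = Gem::Version.new(version_string)
  branch  = version.segments.first(2).join(".")   # "3.0.19" -> "3.0"
  fixed   = FIXED_RAILS_JSON[branch]
  return false unless fixed                        # not an affected branch

  version < fixed                                  # prereleases of the fix also count as below it
end

# Reports on the Rails gem visible to this Ruby; intended to be run from
# inside the application's bundle. Returns nil when Rails is not installed.
def installed_rails_status
  spec = Gem.loaded_specs["rails"] || Gem::Specification.find_by_name("rails")
  { version: spec.version.to_s,
    vulnerable: rails_json_vulnerable?(spec.version.to_s) }
rescue Gem::LoadError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs covering each branch in the summary.
  %w[2.3.15 2.3.16 3.0.19 3.0.20 3.1.10 3.2.11].each do |v|
    puts "#{v}: #{rails_json_vulnerable?(v) ? 'VULNERABLE - upgrade' : 'ok'}"
  end
  status = installed_rails_status
  puts(status ? "installed rails #{status[:version]}: vulnerable=#{status[:vulnerable]}" : "rails not installed here")
end
```

Run it with `bundle exec ruby check_rails_json.rb` so that `Gem.loaded_specs` reflects the application's own Gemfile.lock rather than whatever Rails happens to be installed system-wide; the prerelease comparison means a build such as 3.0.20.rc1 is still reported as needing the upgrade.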
