Security

All Versions of Ruby on Rails Vulnerable to SQL Injection Attack

Submitted by hypnosec
hypnosec (2231454) writes "All versions of Ruby on Rails bar the three new versions are vulnerable to an SQL injection vulnerability, the developers of the web framework have warned through an advisory. The advisory notes that the vulnerability exists because of the manner in which dynamic finders in ActiveRecord extract options from method parameters. Because of the extraction mechanism an attacker can use a method parameter as a scope, manipulate it carefully and thereby inject arbitrary SQL code leading to an SQL injection. The vulnerability has been assigned the CVE identifier CVE-2012-5664."
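The option-extraction problem the summary describes can be modelled without Rails. The following is an added example, not code from the submission, the advisory or Rails itself: `ToyFinder`, `scalar_param` and `lookup` are hypothetical names, the finder is a simplified model that treats a trailing Hash argument as query options, and the crafted input is a constructed placeholder.

```ruby
# Simplified model of the behaviour described above; NOT Rails source code.
# ToyFinder, scalar_param and lookup are hypothetical names for illustration.

class ToyFinder
  # Models a dynamic finder that pops a trailing Hash off its arguments and
  # treats it as query options (a scope) rather than as the value to match.
  def self.find_by_name(*args)
    options = args.last.is_a?(Hash) ? args.pop : {}
    { value: args.first, options: options }
  end
end

# Defensive coercion: a finder argument taken from request input must be a
# scalar. Structured input (Hash, Array, ...) is refused, not passed through.
def scalar_param(value)
  case value
  when nil then nil
  when String, Symbol, Numeric then value.to_s
  else raise ArgumentError, "expected scalar parameter, got #{value.class}"
  end
end

# Guarded call site: the finder only ever sees a String or nil.
def lookup(raw)
  ToyFinder.find_by_name(scalar_param(raw))
end

# Constructed sample inputs: an ordinary value, and a Hash arriving where a
# string was expected (the fragment is a placeholder, not real SQL).
ORDINARY = "alice"
CRAFTED  = { select: "RAW_SQL_FRAGMENT_PLACEHOLDER" }

if __FILE__ == $PROGRAM_NAME
  # Unguarded: the Hash is consumed as options and no value is matched at all.
  p ToyFinder.find_by_name(CRAFTED)
  # Guarded: ordinary input works, structured input is rejected up front.
  p lookup(ORDINARY)
  begin
    lookup(CRAFTED)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```
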