Developers Find, Patch Ruby on Rails Vulnerabilities

Developers of Ruby on Rails have found and patched two SQL injection vulnerabilities in the popular open-source Web development framework. Both bugs enable SQL injection attacks, in which an attacker sends malicious SQL from a client to an application that has a database on the back end. Successful attacks let attackers read or modify information in the database, execute administrative operations on it, or even issue commands to the host machine’s operating system. The first vulnerability affects Rails 2.0.0 to 3.2.18 when the application uses the PostgreSQL database system and queries bit string data types. The second affects applications running on Rails 4.0.0 to 4.1.2 when using PostgreSQL and querying range data types. To eliminate the problems, the Rails developers released versions 3.2.19, 4.0.7 and 4.1.3, and then versions 4.0.8 and 4.1.4 to fix a problem caused by the 4.0.7 and 4.1.3 updates. They also released patches for users unable to upgrade immediately. (PC World)

