Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2620-1 (rails - several vulnerabilities)
Summary:

Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework
for web application development.

CVE-2013-0276
The blacklist provided by the attr_protected method could be
bypassed with crafted requests, having an application-specific
impact.

CVE-2013-0277
In some applications, the +serialize+ helper in ActiveRecord
could be tricked into deserializing arbitrary YAML data,
possibly leading to remote code execution.
Affected software: rails on Debian Linux

Solution:
For the stable distribution (squeeze), these problems have been fixed
in version 2.3.5-1.2+squeeze7.

We recommend that you upgrade your rails packages.
Common Vulnerability Exposure (CVE) ID: CVE-2013-0276
BugTraq ID: 57896
Debian Security Information: DSA-2620
RedHat Security Advisories: RHSA-2013:0686
SuSE Security Announcement: openSUSE-SU-2013:0462
Common Vulnerability Exposure (CVE) ID: CVE-2013-0277
Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net