Rails developers close another “extremely critical” flaw

Ruby on Rails 3.0.20 and 2.3.16 have been released with one, and only one, “extremely critical security fix”. The problem only affects the Ruby on Rails 3.1.x and 3.2.x branches. The problem is related to the flaw discovered earlier this month, where XML-formatted parameters could include YAML-serialised data which, when deserialised, would create live objects within the server that could be used to exploit it. The backend of the ActiveSupport parser is described as ‘incredibly naive’ in how it converts: text/json requests can be translated into and parsed as YAML.

Source: http://www.h-online.com/security/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html
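
The following is an added example, not part of the original article or of the Rails code base. It contrasts a tag-honouring YAML loader, which builds a live object from a tagged document, with a strict JSON parser and `YAML.safe_load`, which both refuse it. The `Probe` class, the helper names and both sample bodies are constructed for illustration.

```ruby
require 'json'
require 'yaml'

# Hypothetical application class, standing in for any class loaded in the server.
class Probe
  attr_accessor :name
end

# Constructed sample bodies (not taken from any real request).
PLAIN_BODY  = '{"user": {"name": "alice", "admin": false}}'
TAGGED_BODY = "--- !ruby/object:Probe\nname: alice\n"

# Behaviour the article describes: a loader that honours type tags
# turns request data into a live object of a server-side class.
def parse_yaml_unsafe(body)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(body) : YAML.load(body)
end

# Hardened: parse a text/json body with a strict JSON parser. Anything that
# is not JSON (including YAML with type tags) is rejected, never converted.
def parse_json_strict(body)
  [:ok, JSON.parse(body)]
rescue JSON::ParserError
  [:rejected, nil]
end

# Hardened: if YAML must be parsed, refuse to instantiate non-basic types.
def parse_yaml_safe(body)
  [:ok, YAML.safe_load(body)]
rescue Psych::DisallowedClass, Psych::BadAlias
  [:rejected, nil]
end

# Summarise how the two hardened parsers treat a body.
def classify(body)
  { json: parse_json_strict(body).first, yaml_safe: parse_yaml_safe(body).first }
end

if __FILE__ == $PROGRAM_NAME
  puts "plain:  #{classify(PLAIN_BODY)}"
  puts "tagged: #{classify(TAGGED_BODY)}"
  puts "unsafe loader built: #{parse_yaml_unsafe(TAGGED_BODY).class}"
end
```
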
