(Dec 30) Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by [More…]
Posts Tagged Ruby
(Dec 4) Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, [More…]
(Dec 4) Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: [More…]
(Nov 27) Several security issues were fixed in Ruby.
(Oct 21) Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: [More…]
(Aug 18) Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: [More…]
SUMMARY: The Apache HTTPD Server Project has released httpd-2.2.25 and httpd-2.4.6 to correct multiple vulnerabilities that were issued CVEs. Apache HTTP Server 2.2.25 CVE-2013-1896 mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to …