Ruby on Rails fixed three vulnerabilities with its new releases 4.0.3, 3.2.17 and 4.1.0.beta2, which address data injection, cross-site scripting and denial-of-service issues.

The developers said the vulnerabilities fixed in 3.2.17 have the following identifiers: CVE-2014-0081 and CVE-2014-0082. In Rails 4.0.3, developers fixed CVE-2014-0080 and CVE-2014-0081.

In 4.1.0.beta2, the list of security fixes includes CVE-2014-0080 and CVE-2014-0081.

CVE-2014-0080 is a data injection vulnerability impacting Active Record. The flaw can be exploited to add data to array columns in PostgreSQL databases.

CVE-2014-0081 refers to a cross-site scripting (XSS) vulnerability in the “number_to_currency,” “number_to_percentage” and “number_to_human” helpers.

CVE-2014-0082 is a denial-of-service (DoS) issue in Action View. The issue affects the text rendering component in Action View.

Users should update their installations as soon as possible.
