Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

ruby-on-rails: multiple vulnerabilities

Package(s):

rubygem-*

CVE #(s):

CVE-2010-3933 CVE-2011-0448 CVE-2011-0449

Created:

December 7, 2011

Updated:

December 7, 2011

Description:

The Ruby on Rails package suffers from vulnerabilities enabling arbitrary modification of records via crafted form parameters (CVE-2010-3933), SQL injection (CVE-2011-0448), and access restriction bypass (CVE-2011-0449).

Alerts:

openSUSE

openSUSE-SU-2011:1305-1

2011-12-07

(Log in to post comments)