Two new (one "critical") Ruby on Rails vulnerabilities


Posted Jan 10, 2013 2:36 UTC (Thu) by bronson (subscriber, #4806)
Parent article: Two new (one "critical") Ruby on Rails vulnerabilities

It appears that Rails's desire to accept any input and the assumption "user input can never be a symbol" are in ongoing conflict.

Likely both are wrong. Nobody accepts parameters as XML or YAML so why do these code paths exist at all?

I really hope they clean up the root problem in Rails 4. All this patching is getting tiresome.




Copyright © 2017, Eklektix, Inc.