Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2013-0155

An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges. For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze5. We recommend that you upgrade your rails packages.

Source

Debian Security Advisory

DSA-2609-1 rails -- SQL query manipulation

Date Reported:

16 Jan 2013

Affected Packages:

rails

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-0155.

More information:

An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze5.

We recommend that you upgrade your rails packages.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

DSA-2609-1 rails -- SQL query manipulation

Debian Security Advisory

DSA-2609-1 rails -- SQL query manipulation

Vulmon Search

About

Products

Connect