** Ruby on Rails update closes vulnerability [ The H Security ]
by on Oct.16, 2010, under Ruby and Rails
October 16th 2010 1:01am
A vulnerability in Rails 2.3.9 and 3.0.0 may allow an attacker to modify arbitrary records. Updates are available for both versions. The Ruby on Rails developers have released versions 3.0.1 and 2.3.10 of the web application framework, closing a vulnerability in Rails' handling of nested attributes, specifically the use of accepts_nested_attributes_for. If an application does not use accepts_nested_attributes_for or uses a version of Rails earlier than 2.3.9, then it is not affected by the issue. Where the problem does exist, it allows an attacker to manipulate form inputs and make arbitrary changes to records in the system. The developers say all users running an affected release should upgrade immediately.
From: www.h-online.com
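A triage check for the two conditions the article gives (an affected release plus use of accepts_nested_attributes_for), as an added example that is not from the article or the Rails project. Reading the release from Gemfile.lock or config/environment.rb, the in-memory file map and the status names are assumptions of this example.

```ruby
# Added triage example; not code from the article or from Rails.
AFFECTED = %w[2.3.9 3.0.0].freeze               # releases the article names
MACRO    = /^\s*accepts_nested_attributes_for\b/ # skips commented-out calls

# `files` maps relative path => file contents (loading from disk is left out).
def rails_version(files)
  # Bundler apps: the resolved release is the 4-space "rails (x.y.z)" spec line.
  return $1 if files["Gemfile.lock"].to_s =~ /^ {4}rails \(([^)]+)\)/
  # Rails 2.3 apps pin the release in config/environment.rb.
  return $1 if files["config/environment.rb"].to_s =~
               /^\s*RAILS_GEM_VERSION\s*=\s*['"]([^'"]+)['"]/
  nil
end

# Every live call to the macro, reported as "path:line: source".
def nested_attribute_uses(files)
  files.select { |path, _| path.end_with?(".rb") }.flat_map do |path, src|
    src.each_line.with_index(1)
       .select { |line, _| line =~ MACRO }
       .map { |line, no| "#{path}:#{no}: #{line.strip}" }
  end
end

def triage(files)
  version = rails_version(files)
  uses    = nested_attribute_uses(files)
  status =
    if version.nil?                    then :unknown_version
    elsif !AFFECTED.include?(version)  then :unaffected_release
    elsif uses.empty?                  then :affected_release_macro_unused
    else                                    :affected
    end
  { version: version, status: status, uses: uses }
end

# Constructed sample input: a Rails 3.0.0 app with one nested-attributes model.
SAMPLE_APP = {
  "Gemfile.lock" => "GEM\n  specs:\n    rails (3.0.0)\n      railties (= 3.0.0)\n",
  "app/models/order.rb" => "class Order < ActiveRecord::Base\n" \
                           "  has_many :items\n" \
                           "  accepts_nested_attributes_for :items\nend\n"
}.freeze

puts triage(SAMPLE_APP).inspect
```

An `:affected_release_macro_unused` result still falls under the article's advice that anyone running an affected release should upgrade.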