
This article was published on January 8, 2013

    Critical Rails vulnerabilities discovered, let attackers bypass authentication, perform DoS attacks

    Story by Harrison Weber

    Harrison Weber is TNW's Features Editor in NYC. Part writer, part designer. Stay in touch: Twitter @harrisonweber, Google+ and Email.

    Following earlier security issues, major vulnerabilities have been discovered in Ruby on Rails, the highly popular Ruby framework used by massive services like GitHub and Hulu. The issues, which are the result of weaknesses in “the parameter parsing code,” allow attackers to “bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.”

    In response to the bugs, Rails patches containing these “extremely critical security fixes” have been released. According to the announcement, “all users running an affected release should either upgrade or use one of the work arounds *immediately*.” The following updates are now available: 3.2.11, 3.1.10, 3.0.19 and 2.3.15.

    Rails contributor Aaron Patterson detailed the impact of the issues:

    The parameter parsing code of Ruby on Rails allows applications to automatically cast values from strings to certain data types. Unfortunately the type casting code supported certain conversions which were not suitable for performing on user-provided data including creating Symbols and parsing YAML. These unsuitable conversions can be used by an attacker to compromise a Rails application.
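    The weakness Patterson describes, a caster that lets the request choose which conversion runs on its own value, is illustrated below with an added Ruby example; it is a constructed stand-in, not Rails' parameter parser, and the converter table, `cast_param` and `disallowed_type_requests` are assumptions for illustration. It contrasts the unrestricted table with an allowlist that drops the Symbol and YAML conversions, and adds a small check for spotting requests that ask for a disallowed type.

```ruby
require 'yaml'

# Constructed stand-in for a typed-parameter caster (not the Rails code):
# the declared "type" arrives with the request, so the client picks the converter.
UNSAFE_CONVERSIONS = {
  'integer' => ->(v) { Integer(v, 10) },
  'boolean' => ->(v) { v == 'true' },
  'symbol'  => ->(v) { v.to_sym },     # every distinct value interns a new Symbol (memory growth on old Rubies)
  'yaml'    => ->(v) { YAML.load(v) }, # full YAML parsing of untrusted text: far more than a scalar cast
}.freeze

# Hardened table: only conversions that are safe to run on user-supplied data.
SAFE_CONVERSIONS = UNSAFE_CONVERSIONS.reject { |t, _| %w[symbol yaml].include?(t) }.freeze

# Returns [:ok, casted_value] when the declared type is allowed, [:rejected, type]
# when it is not, and the untouched string when no type was declared.
def cast_param(value, type, conversions = SAFE_CONVERSIONS)
  return [:ok, value] if type.nil?
  conv = conversions[type]
  return [:rejected, type] if conv.nil?
  [:ok, conv.call(value)]
end

# Detection aid: names of parameters whose declared type is off the allowlist,
# e.g. to log or refuse such requests before any casting happens.
# typed_params maps name => [raw_value, declared_type_or_nil].
def disallowed_type_requests(typed_params, allowed = SAFE_CONVERSIONS)
  typed_params.each_with_object([]) do |(name, (_value, type)), out|
    out << name if type && !allowed.key?(type)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request: one ordinary field and one asking for YAML parsing.
  sample = { 'id' => ['42', 'integer'], 'note' => ['{a: 1}', 'yaml'] }
  p cast_param('42', 'integer')                          # [:ok, 42]
  p cast_param('{a: 1}', 'yaml')                         # [:rejected, "yaml"]
  p cast_param('{a: 1}', 'yaml', UNSAFE_CONVERSIONS)     # [:ok, {"a"=>1}]
  p disallowed_type_requests(sample)                     # ["note"]
end
```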

    Given the popularity of Rails, issues such as these are particularly worrisome. The vulnerability was apparently reported by numerous people, including Murphy, Magnus Holm, Felix Wilhelm, Darcy Laycock, Jonathan Rudenberg, Bryan Helmkamp, Benoist Claassen and Charlie Somerville.

    A less-frightening issue regarding unsafe query generation was also announced today.

    For more on past Rails security vulnerabilities, head here. You can also check out TNW’s dedicated Design & Dev channel.

    Image credit: Jupiterimages / Thinkstock