Scan for free your assets for this vulnerability
It is easy and free to get started with Mageni and it can be installed in Windows, macOS and Linux.
Processing. Please wait...
No credit card necessary
Debian Security Advisory DSA 2613-1 (rails - insufficient input validation)
Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML. The vulnerability has been addressed by removing the YAML backend and adding the OkJson backend.
rails on Debian Linux
This check tests the installed software version using the apt package manager.
For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze6. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.3.14-6 of the ruby-activesupport-2.3 package. The 3.2 version of rails as found in Debian wheezy and sid is not affected by the problem. We recommend that you upgrade your rails packages.
Common Vulnerabilities and Exposures (CVE)
Know your vulnerabilities for free. Start using Mageni today.
Mageni can help you to find, assess and manage your vulnerabilities.Get Started for Free