On Sep 7, 2009, at 7:43 AM, Chris Dunford wrote:
Security researcher Brian Mastenbrook uncovered a cross-site scripting vulnerability in Ruby on Rails and quickly had injected JavaScript code running in Twitter.
"An advisory from the Ruby developers has already been issued, along with patches for Rails 2.0, 2.1, 2.2 and 2.3."
"According to Brian Mastenbrook, the flaw can only be exploited when Safari interacts with RSS feeds."
*************************************************************************
** List info, subscription management, list rules, archives, privacy   **
** policy, calmness, a member map, and more at http://www.cguys.org/   **
*************************************************************************
