A security vulnerability has been disclosed in Ruby on Rails, assigned
CVE-2013-0333.
The vulnerability in the JSON code for Ruby on Rails allows attackers
to bypass authentication systems, inject arbitrary SQL, inject and
execute arbitrary code, or perform a DoS attack on a Rails
application.

CVE details on the vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333
Additional detailed information can be found in the following post:
https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo

Puppet Labs has generated security hotfixes patching the vulnerability
for the latest in the 1.x series and 2.x series of Puppet Enterprise.
These can be downloaded from the Puppet Labs security page:
http://puppetlabs.com/security/cve/cve-2013-0333/. These security
fixes will also be included in the forthcoming patch releases of
Puppet Enterprise, versions 1.2.6 (security only) and 2.7.1 (security
and bug fix).

If you have any questions or comments, please get in touch with Puppet
Labs Support. We always want your feedback!

Regards,
Matthaus Owens
Puppet Labs
