Looks like the same vulnerability that was found in Devise last week - http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released.
So if you're using Devise just update (or apply the patch for your version).

Regards,
K.

On Wednesday, February 6, 2013 12:12:15 PM UTC+2, Y. Thong Kuah wrote:
>
> ---------- Forwarded message ----------
> From: Fred Wu <[email protected]>
> Date: Wed, Feb 6, 2013 at 10:09 PM
> Subject: [rails-oceania] If you use MySQL (and Rails)... vulnerability warning
> To: [email protected]
>
> Well, here's a vulnerability that's not widespread (yet) and the author's
> released the info in public after being told by the rails core team that
> it's up to the libraries to fix this:
>
> http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/
>
> Since not a lot of people are talking about this vulnerability on the
> Twitterverse I assume many of you haven't come across it either.
>
> I've verified that the exploit works, so if you are affected I suggest you
> patch your apps immediately (`to_s` on your relevant param would do).
>
> -Fred
>
> --
> Best regards,
> Y. Thong Kuah
> http://kuahyeow.com
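
The `to_s` suggestion in the quoted message, written out as an added example (not code from this thread, Devise or Rails). The helper name `string_param`, the `token` key and the sample request bodies are constructed for illustration. It also covers a case a bare `to_s` does not: arrays and hashes are rejected instead of being stringified.

```ruby
require "json"

# Hypothetical helper (not from Devise or Rails): return a request parameter
# as a String, or nil when it is missing or not a scalar.
def string_param(params, key)
  value = params[key.to_s]
  case value
  when String
    value
  when Integer, Float, true, false
    # Typed request bodies (JSON, XML) can yield non-string scalars.
    # to_s ensures the query compares the column with a string, not a number.
    value.to_s
  else
    # nil, Array, Hash: to_s would give "", "[0]" or "{...}", none of which
    # is a token the application ever issued, so treat them as absent.
    nil
  end
end

# Constructed sample bodies, parsed the way a JSON request body would be.
SAMPLES = [
  '{"token": "3f9a1c"}',   # the normal case: already a String
  '{"token": 0}',          # Integer after parsing
  '{"token": [0]}',        # Array after parsing
  '{"token": {"a": 0}}',   # Hash after parsing
  '{}'                     # parameter missing
].freeze

# Run every sample through the helper and collect what a finder would receive.
def demo
  SAMPLES.map { |body| string_param(JSON.parse(body), "token") }
end

p demo if __FILE__ == $PROGRAM_NAME
```

A caller should treat a `nil` result as a failed lookup and skip the database query entirely.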
