Ruby multi_xml Gem XML Parameter Parsing Vulnerability

ID: IRCAD2013012420
Release Date: 2013-01-11
Criticality level: Highly critical
 
Software:
multi_xml gem for Ruby 0.x
 
Description:
A vulnerability has been reported in the multi_xml gem for Ruby, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an error when parsing XML parameters: Symbol and YAML types are allowed as part of the request, which can be exploited to execute arbitrary commands.
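
The check below is an added example, not part of the original advisory or of the multi_xml code: a pre-parse guard, written with Ruby's REXML, that rejects a request body containing elements that request Symbol or YAML conversion. It assumes the requested conversion is carried in a `type` attribute on the element; all names and the sample documents are constructed for illustration.

```ruby
require "rexml/document"

# Hypothetical names for this example; this is not the multi_xml API.
DISALLOWED_TYPES = %w[symbol yaml].freeze

# Returns [element_name, normalized_type] for every element whose
# type attribute asks for a disallowed conversion. Matching is
# case-insensitive and ignores surrounding whitespace, which is
# deliberately stricter than an exact string comparison.
def disallowed_type_hits(xml)
  doc = REXML::Document.new(xml)
  hits = []
  doc.each_recursive do |el|
    type = el.attributes["type"]
    next if type.nil?
    normalized = type.strip.downcase
    hits << [el.name, normalized] if DISALLOWED_TYPES.include?(normalized)
  end
  hits
end

# True only when the body is well-formed and carries no disallowed type.
# Malformed input is rejected rather than handed to the real parser.
def safe_to_parse?(xml)
  disallowed_type_hits(xml).empty?
rescue REXML::ParseException
  false
end

# Constructed sample request bodies (not taken from the advisory).
BENIGN  = '<user><name>alice</name><age type="integer">30</age></user>'
FLAGGED = '<user><role type="symbol">admin</role>' \
          '<prefs type=" YAML ">--- {}</prefs></user>'

if __FILE__ == $PROGRAM_NAME
  { "benign" => BENIGN, "flagged" => FLAGGED }.each do |label, body|
    verdict = safe_to_parse?(body) ? "accept" : "reject"
    puts "#{label}: #{verdict} #{disallowed_type_hits(body).inspect}"
  end
end
```

A guard like this is a stopgap for requests that reach an unpatched parser; it does not replace the update listed under Solution.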
 
Solution:
Update to version 0.5.2.
 
References:
 
 
Secunia:
 

 
Date created: 24 Dey 1391
