Security: February 8, 2013: Rack Vulnerabilities / Medium Risk CVE-2013-0263 / CVE-2013-0262

Friday February 8, 2013 7:39am PST / 3:39pm UTC

Rack Vulnerability

It was brought to our attention that two Rack vulnerabilities were recently announced via http://rack.github.com/.

CVE-2013-0263:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0263

  • Versions affected: All previous versions
  • Versions fixed: 1.1.6, 1.2.8, 1.3.10, 1.4.5, 1.5.2

CVE-2013-0262:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0262

  • Versions affected: All versions after 1.4.0
  • Versions fixed: 1.4.5, 1.5.2

What should I do?

Check your Gemfile and Gemfile.lock for vulnerable versions of rack, and if you are using one, update it immediately.

To update, run "bundle update rack" in the application directory.
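
One way to automate the Gemfile.lock check, as an added example that is not part of the original advisory: it reads the resolved rack version and compares it against the fixed versions listed above. The sample lockfile is constructed, the helper names are hypothetical, and treating release series newer than 1.5 as unaffected is an assumption.

```ruby
require "rubygems" # provides Gem::Version

# Fixed releases per CVE, copied from the advisory above.
FIXED = {
  "CVE-2013-0263" => %w[1.1.6 1.2.8 1.3.10 1.4.5 1.5.2],
  "CVE-2013-0262" => %w[1.4.5 1.5.2]
}.transform_values { |list| list.map { |v| Gem::Version.new(v) } }.freeze

# Constructed sample Gemfile.lock (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.4)
      rack-test (0.6.2)
        rack (>= 1.0)
LOCK

# Version of rack resolved in Gemfile.lock text, or nil if rack is absent.
# Resolved specs are indented four spaces, their dependencies six.
def locked_rack_version(lock_text)
  m = lock_text.match(/^ {4}rack \(([^)]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

def series(version)
  version.segments.first(2) # e.g. 1.4.4 -> [1, 4]
end

# CVEs from the advisory that still apply to the given Gem::Version.
def open_cves(version)
  FIXED.select do |cve, fixes|
    fix = fixes.find { |f| series(f) == series(version) }
    if fix
      # CVE-2013-0262 is listed as affecting versions after 1.4.0 only.
      after_floor = cve != "CVE-2013-0262" || version > Gem::Version.new("1.4.0")
      after_floor && version < fix
    else
      # Assumption: a series with no listed fix is affected by CVE-2013-0263
      # only if it predates the oldest fixed series (1.1).
      cve == "CVE-2013-0263" && (series(version) <=> series(fixes.min)) == -1
    end
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  v = locked_rack_version(SAMPLE_LOCK)
  puts "rack #{v}: #{open_cves(v).join(', ')}"
end
```

To check a real application, pass File.read("Gemfile.lock") to locked_rack_version; an empty result from open_cves means the locked version is at or past the fixes listed here.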