About Us Blog
Submit a request
How can we help?
  1. Engine Yard Support
  2. News and Notes
  3. Security Updates

Security:February 8, 2013: Rack Vulnerabilities/Medium Risk CVE-2013-0263/CVE-2013-0262

Avatar AI Integration User
Follow

Friday February 8, 2013 7:39am PST/ 3:39pm UTC

Rack Vulnerability

It was brought to our attention that there have been two recent Rack Vulnerabilities via http://rack.github.com/.

CVE-2013-0263:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0263

  • Affected Versions: All Previous Versions
  • Fixed Versions: 1.1.6, 1.2.8, 1.3.10, 1.4.5, 1.5.2

CVE-2013-0262:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0262

  • Versions affected: All versions after 1.4.0
  • Versions fixed: 1.4.5, 1.5.2

What should I do?

Check your Gemfile and Gemfile.lock for vulnerable versions of rack, and if you are using one, update it immediately.

You can update each of these by using "bundle update rack".

 

If you do need assistance, please file a ticket.  

Was this article helpful? 0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Please sign in to leave a comment.



NoOps, containerized app deployments in minutes



Contact Details

Phone: +1 480-977-6713

401 Congress Avenue
Suite 2650
Austin, TX 78701

© Engine Yard Support