Researchers investigating the Rails parameter parsing vulnerability discovered that the same or similar vulnerable code had made its way into multiple other libraries. If your application uses these libraries to process untrusted data, it may still be vulnerable even if you have upgraded Rails. Check your Gemfile and Gemfile.lock for vulnerable versions of the following libraries, and if you are using one, update it immediately.
You can update each of these by using "bundle update <gem name>".
httparty
Vulnerable: <= 0.9.0
Fixed: 0.10.0
extlib
Vulnerable: <= 0.9.15
Fixed: 0.9.16
crack
Vulnerable: <= 0.3.1
Fixed: 0.3.2
nori
Vulnerable: <= 2.0.1, <= 1.1.3, <= 1.0.2
Fixed: 2.0.2, 1.1.4, 1.0.3
Comments
Please sign in to leave a comment.