Actions
Defect #12808
closed
Very Critical RoR Exploit [CVE-2013-0156] - Please Update/Test RedMine2.x for RoR 3.2.11
Status:
Closed
Priority:
Urgent
Assignee:
-
Category:
Rails support
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Invalid
Affected version:
Description
This leak is very dangerours, because you can take over the whole server by http post injection on the api.
See Google Online Discussion
Only RoR-Versions 3.2.11, 3.1.10, 3.0.19 und 2.3.15 are safe at the moment!
There already is a Exploit Kit to easily use for everyone.
Ca u please provide work arounds. Is it enough to close the rest api?
Updated by
Actions