The developers of Ruby on Rails have released versions 3.2.12, 3.1.11 and 2.3.17. Ruby on Rails 3.2.12 and 3.1.11 fix one security issue, while 2.3.17 addresses two additional vulnerabilities.
The first vulnerability (CVE-2013-0276) affects the attr_protected method in ActiveRecord; an attacker could use a specially crafted request to circumvent the protection and alter records.
The second issue is a YAML flaw in serialized attributes that could be leveraged by cybercriminals for a denial-of-service (DoS) attack and even to remotely execute arbitrary code.
Finally, the latest updates address a DoS and unsafe object creation vulnerability in JSON.
Users are advised to update their installations as soon as possible to avoid any unfortunate incidents.
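One way to act on that advice, as an added example that is not part of the original article: the script below reads the text of a Gemfile.lock and flags Rails gems older than the fixed releases named above. The sample lockfile, the function names and the choice of gems to check are assumptions made for illustration.

```ruby
require "rubygems"

# Fixed releases named in the article, keyed by release series.
FIXED = {
  "3.2" => Gem::Version.new("3.2.12"),
  "3.1" => Gem::Version.new("3.1.11"),
  "2.3" => Gem::Version.new("2.3.17"),
}.freeze

# Assumption: these gems are checked because an app may lock activerecord
# without the rails meta-gem; Rails components share one version number.
RAILS_GEMS = %w[rails activerecord activesupport].freeze

# Collect resolved versions from the "specs:" entries (exactly 4 spaces of
# indentation). Deeper lines are dependency constraints and are ignored.
def locked_versions(lock_text)
  lock_text.each_line.each_with_object({}) do |line, found|
    m = line.match(/\A {4}([A-Za-z0-9_\-]+) \((\d+(?:\.\d+)*[\w.]*)\)\s*\z/)
    next unless m && RAILS_GEMS.include?(m[1])
    found[m[1]] = Gem::Version.new(m[2])
  end
end

# :patched, :needs_update, or :unknown_series for release lines the
# article says nothing about (for example 3.0.x).
def assess(version)
  fixed = FIXED[version.segments.first(2).join(".")]
  return :unknown_series unless fixed
  version >= fixed ? :patched : :needs_update
end

def audit(lock_text)
  locked_versions(lock_text).map { |name, v| [name, v.to_s, assess(v)] }
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activerecord (3.2.11)
        activemodel (= 3.2.11)
      rails (3.2.11)
        activerecord (= 3.2.11)

  DEPENDENCIES
    rails (= 3.2.11)
LOCK

audit(SAMPLE_LOCK).each { |row| puts row.join(" ") } if __FILE__ == $0
```

A pre-release such as 3.2.12.rc1 sorts below 3.2.12 and is reported as needing an update.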
Ruby on Rails is available for download here