OpenSource For You

SQL injection vulnerability patched in Ruby on Rails


Two SQL injection vulnerabilities were patched in Ruby on Rails, an open source Web development framework now used by many developers. Some high profile websites also use this framework. The Ruby on Rails developers recently launched versions 3.2.19, 4.0.7 and 4.1.3, and advised users to upgrade to these versions as soon as possible. A few hours later, they released versions 4.0.8 and 4.1.4 to fix problems caused by the 4.0.7 and 4.1.3 updates.

One of the two SQL injection vulnerabilities affects applications running on Ruby versions 2.0.0 through to 3.2.18 that use the PostgreSQL database system and query bit string data types. The other vulnerability affects applications running on Ruby on Rails versions 4.0.0 to 4.1.2 that use PostgreSQL and query range data types.

Despite affecting different versions, these two flaws are related and allow attackers to inject arbitrary SQL code using crafted values.
