Bitcoin Forum

Bitcoin => Security and technical support => Topic started by: bitcoinforum.com on January 31, 2013, 05:43:58 PM

Title: Ruby Bitcoin Exchangers at risk?
Post by: bitcoinforum.com on January 31, 2013, 05:43:58 PM
Ruby Bitcoin Exchangers at risk?

Quote
Vulnerability Summary for CVE-2013-0333

Original release date: 01/30/2013  Last revised: 01/30/2013  Source: US-CERT/NIST

Overview

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
Read the full text on https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0333

Title: Re: Ruby Bitcoin Exchangers at risk?
Post by: bitcoinforum.com on January 31, 2013, 08:15:53 PM
Quote
Bitcoin Central powers bitcoin-central.net, a bitcoin trading platform. It is:
  • Open Source,
  • Based on Ruby on Rails,
  • Fully localizable,
  • Multi-currency.

https://github.com/davout/bitcoin-central
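
Added example, not part of the original thread or of the Bitcoin Central project: a Ruby check that reads a Rails application's `Gemfile.lock` and reports whether the resolved `activesupport`/`rails` version falls in the ranges named in the CVE-2013-0333 summary quoted above. The names `scan_lockfile`, `affected_version?` and the sample lockfile are constructed for illustration; versions outside the two quoted ranges are reported as not affected by this CVE only, nothing more.

```ruby
require "rubygems"

# Affected ranges exactly as listed in the CVE-2013-0333 summary quoted above.
AFFECTED = [
  Gem::Requirement.new(">= 2.3.0", "< 2.3.16"),
  Gem::Requirement.new(">= 3.0.0", "< 3.0.20")
].freeze

# The vulnerable file lives in activesupport; rails is watched as well
# because a rails release pins activesupport to the same version.
WATCHED = %w[activesupport rails].freeze

# Resolved gems in Gemfile.lock are indented four spaces: "    name (1.2.3)".
# Deeper-indented lines are dependency constraints and are skipped.
SPEC_LINE = /\A {4}([A-Za-z0-9_.-]+) \(([^)\s]+)\)\s*\z/

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (3.0.19)
      rails (3.0.19)
        activesupport (= 3.0.19)
      rake (10.0.3)

  DEPENDENCIES
    rails (= 3.0.19)
LOCK

def affected_version?(version)
  v = Gem::Version.new(version)
  AFFECTED.any? { |req| req.satisfied_by?(v) }
end

# Returns one hash per watched gem found among the resolved specs.
def scan_lockfile(text)
  findings = []
  text.each_line do |line|
    m = SPEC_LINE.match(line.chomp)
    next unless m && WATCHED.include?(m[1]) && Gem::Version.correct?(m[2])
    findings << { gem: m[1], version: m[2], affected: affected_version?(m[2]) }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  scan_lockfile(SAMPLE_LOCK).each { |f| puts f.inspect }
end
```

To check a real checkout, pass `File.read("Gemfile.lock")` to `scan_lockfile` instead of the sample.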