Wednesday, July 2, 2014

Chef & Rails CVE-2014-3482



----
// Chef Blog

At 17:11 UTC, the Rails security team publicized CVE-2014-3482 and CVE-2014-3483. In short, this vulnerability is related to the PostgreSQL adapter in ActiveRecord. A bug in the SQL quoting code could allow an attacker to carefully craft a request and execute a SQL injection. Only applications that query against bitstring or range type columns were vulnerable.

After a careful investigation of our various services, both internal and external, we concluded that no Chef Software products are vulnerable to CVE-2014-3482/3.
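A first triage step for your own application is to check whether its schema has any bitstring or range columns at all. The following is an added example, not code from Chef or the Rails project: it assumes a pg_dump-style schema dump (such as a Rails db/structure.sql), the sample DDL is constructed, and it only recognizes PostgreSQL's built-in type names.

```ruby
# Added example (not Chef's or Rails' code): list columns whose PostgreSQL
# type is a built-in bit string or range type in a pg_dump-style schema dump.
# Custom range types (CREATE TYPE ... AS RANGE) are not detected.
BITSTRING_TYPES = ["bit varying", "varbit", "bit"].freeze
RANGE_TYPES = %w[int4range int8range numrange tsrange tstzrange daterange].freeze

CREATE_RE = /\ACREATE TABLE\s+(?:IF NOT EXISTS\s+)?(?<table>[\w."]+)\s*\(/i
types     = Regexp.union(BITSTRING_TYPES + RANGE_TYPES).source
COLUMN_RE = /\A\s*"?(?<col>\w+)"?\s+(?<type>#{types})\b/i

# Returns one hash per affected column: table, column, type and kind.
def affected_columns(ddl)
  hits = []
  table = nil
  ddl.each_line do |line|
    if (m = CREATE_RE.match(line))
      table = m[:table].delete('"')          # entering a CREATE TABLE body
    elsif table && line =~ /\A\s*\);/
      table = nil                            # end of the table definition
    elsif table && (m = COLUMN_RE.match(line))
      type = m[:type].downcase
      kind = RANGE_TYPES.include?(type) ? :range : :bitstring
      hits << { table: table, column: m[:col], type: type, kind: kind }
    end
  end
  hits
end

# Constructed sample input, not taken from any real application.
SAMPLE_DDL = <<~SQL
  CREATE TABLE bookings (
      id integer NOT NULL,
      stay daterange NOT NULL,
      flags bit(8)
  );
  CREATE TABLE users (
      id integer NOT NULL,
      name character varying(255),
      bit_count integer
  );
  CREATE TABLE sensors (
      mask bit varying(16),
      active_during tstzrange
  );
SQL

if __FILE__ == $PROGRAM_NAME
  affected_columns(SAMPLE_DDL).each { |h| puts "#{h[:table]}.#{h[:column]}: #{h[:type]} (#{h[:kind]})" }
end
```

A hit only shows that such a column exists; the next step is to review whether any query against it takes request-supplied values.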

We take security very seriously at Chef Software. In accordance with our responsible disclosure policy, please email security (at) getchef.com to bring vulnerabilities to our attention.


----
