Two high-risk vulnerabilities have been discovered:
(CVE-2013-0155) There is a vulnerability when Active Record is
used in conjunction with JSON parameter parsing.
Due to the way Active Record interprets parameters in combination
with the way that JSON parameters are parsed, it is possible for an
attacker to issue unexpected database queries with "IS NULL" or
empty "WHERE" clauses. This issue does not let an attacker insert
arbitrary values into an SQL query, however they can cause the
query to check for NULL or eliminate a WHERE clause when most users
would not expect it.
(CVE-2013-0156) There are multiple weaknesses in the parameter
parsing code for Ruby on Rails which allows attackers to bypass
authentication systems, inject arbitrary SQL, inject and execute
arbitrary code, or perform a DoS attack on a Rails application.
The parameter parsing code of Ruby on Rails allows applications to
automatically cast values from strings to certain data types.
Unfortunately the type casting code supported certain conversions
which were not suitable for performing on user-provided data
including creating Symbols and parsing YAML. These unsuitable
conversions can be used by an attacker to compromise a Rails
application.