Vulnerabilities in Ruby-on-Rails Framework & How to prevent it:
Ruby-on-rails—it’s modular, easy-to-read, and broadly supported by legions of loyal developers. Many of the world’s most trafficked websites have relied on Rails to deliver scalable and highly available web services. As per the CVE database:
Arbitrary file existence disclosure in Sprockets
Solutions: To address this vulnerability, you must set config.serve_static_assets = false in an initializer or apply the patch provided by Rails.
Possible Denial of Service attack in Active Support
Active Support provides language extensions and utilities to the framework. Two components—jdom.rb and rexml.rb—are vulnerable when JDOM or REXML are enabled, allowing remote attackers to cause a denial of service (DoS) attack with a specially crafted XML file. This affects versions of Rails before 4.1.11 and 4.2.x before 4.2.2.
Solutions: Remediation involves updating or patching Rails to fix the two vulnerable components.
IP whitelist bypass in Web Console
Rails environments with Web Console enabled are susceptible to spoofing via specially-crafted remote requests. This vulnerability impacts version 2.1.3, as used with Rails 3.x and 4.x.
Solutions: To address this vulnerability, you must upgrade or patch Rails to fix the Web Console’s whitelisted ip’s protection mechanism.
CSRF Vulnerability in jquery-ujs and jquery-rails
jquery-ujs and jquery-rails enables the use jQuery in Rails web applications. Vulnerable versions allow attackers to bypass CSP protections CSRF tokens to attacker domains. All versions of Rails that use jquery-ujs or jquery-rails are affected.
Solutions: Applying the appropriate patches for jquery-ujs abd jquery-rails will effectively remediate this vulnerability.
XSS Vulnerability in ActiveSupport::JSON.encode
This flaw is another Rails Active Support vulnerability, allowing for XSS attacks to be carried out by json/encoding.rb. Impacted versions include Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2.
Applying the appropriate patches will effectively remediate this vulnerability.
Potential Denial of Service Vulnerability in Rack
Rack is a Ruby web server interface that enables the filtering of requests and responses to a Rails application. Specially crafted requests can trigger a SystemStackError and a subsequent DoS. This vulnerability impacts all versions.
To fix this vulnerability, you must either upgrade or apply the appropriate patches.
Arbitrary file existence disclosure in Action Pack
Action Pack consists of two major components: Action View and Action Controller. In this case, a directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb allows remote attackers to determine the existence of files outside the application root. Impacted versions include versions 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3
To prevent this vulnerability from being exploited, you must apply the appropriate security patches or update your version of Rails.
Fixing the above vulnerabilities is crucial to bolstering your Rails web application’s security posture. Our expertise in this matter enables us to be very accurate in terms of our vulnerability finding. At Valency Networks, we understand your web application and perform framework specific checks mentioned above. Our expertise in this matter enables us to be very accurate in terms of our vulnerability finding.