Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)

Created by: zombified

I'm not terribly familiar with Ruby/Rails, so I have a few questions for those that are more knowledgeable:

  1. Does this CVE affect the current stable version (4.0) of GitLab?
  2. If it does affect the version, how can it be patched (or the ruby/rails version updated) until an official fix is in place?

Here's the notice: https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion

Thank you for your help!