|Release Date:||2013-01-28 (Last update can be found below the document title)|
|Description:||Code Injection Attack in Rails Library|
|Criticality Level:||Highly Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
Manipulation of data
Exposure of sensitive information
|Systems Affected:||Canvas LMS|
A JSON parsing vulnerability was discovered in the Ruby on Rails 2.3.x library that Canvas uses. Further information is available at https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually immediately.