Hacker News new | comments | show | ask | jobs | submit login

Are you referring to the OP? The OP states:

> There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. This vulnerability has been assigned the CVE identifier CVE-2013-0156.

I'm stating direct knowledge of the vulnerability. It's worse than SQL injection.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact