This post tries to give an overview of the background and impact of the new Rails XML parameter parsing vulnerability patched today.

The bug

The root cause of the vulnerability is Rails' handling of formatted parameters. In addition to standard GET and POST parameter formats, Rails can handle multiple different data encodings inside the body of POST requests. By default, JSON and XML are supporte