Sha256: 0492c760c23a1bf62bf78cf17044f7473a5d62485f45fea9f3272e45686af1c5

Contents?: true

Size: 740 Bytes

Versions: 6

Compression:

Stored size: 740 Bytes

Contents

---
gem: activerecord-jdbc-adapter
platform: jruby
osvdb: 114854
url: http://osvdb.org/show/osvdb/114854
title: |
  ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub()
  Function SQL Injection
date: 2013-02-25
description: |
  ActiveRecord-JDBC-Adapter (AR-JDBC) contains a flaw that may allow carrying
  out an SQL injection attack. The issue is due to the sql.gsub() function in
  lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before
  using it in SQL queries. This may allow a remote attacker to inject or
  manipulate SQL queries in the back-end database, allowing for the
  manipulation or disclosure of arbitrary data.
unaffected_versions:
  - "< 1.2.6"
patched_versions:
  - ">= 1.2.8"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml
bundler-audit-0.6.1    data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml
bundler-audit-0.6.0    data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml
bundler-audit-0.5.0    data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml