Sha256: 49ecea51748c9bb98772dd024bb52611839fb2eb11f2fc47efdc4b143d12fcfa

Contents?: true

Size: 566 Bytes

Versions: 1

Stored size: 566 Bytes

Contents

---
gem: authlogic
cve: 2012-6497
osvdb: 89064
url: https://nvd.nist.gov/vuln/detail/CVE-2012-6497
title: Ruby on Rails Authlogic Gem secret_token.rb Known secret_token Value Weakness
date: 2012-12-21
description: |
  Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered
  when the program makes an unsafe method call for find_by_id. With a specially
  crafted parameter in an environment that knows the secret_token value in
  secret_token.rb, a remote attacker can more easily conduct SQL injection
  attacks.
patched_versions:
  - ">= 3.3.0"

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/authlogic/CVE-2012-6497.yml