Sha256: 688b45bf8be919d9569a29f5acf1f24e1779a23dc0412d50551bb013d81cb9df

Contents?: true

Size: 593 Bytes

Versions: 1

Compression:

Stored size: 593 Bytes

Contents

---
url: http://www.osvdb.org/show/osvdb/82610
title: Ruby on Rails ActiveRecord Class Rack Query Parameter Parsing SQL Query Arbitrary IS NULL Clause Injection 

description: >
  Ruby on Rails contains a flaw related to the way ActiveRecord handles
  parameters in conjunction with the way Rack parses query parameters.
  This issue may allow an attacker to inject arbitrary 'IS NULL' clauses
  into application SQL queries. This may also allow an attacker to have
  the SQL query check for NULL in arbitrary places.

cvss_v2: 7.5

patched_versions:
  - ~> 3.0.13
  - ~> 3.1.5
  - ">= 3.2.4"

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.1.1 data/bundler/audit/rails/2012-2660.yml