Sha256: 95fdd13655dd0669bbecc3494cdc50e2696d000f1c411063b8c28106269d6d81

Contents?: true

Size: 619 Bytes

Versions: 1

Compression:

Stored size: 619 Bytes

Contents

--- 
gem: activerecord
cve: 2012-2661
url: http://www.osvdb.org/show/osvdb/82403
title: Ruby on Rails where Method ActiveRecord Class SQL Injection

description: |
  Ruby on Rails (RoR) contains a flaw that may allow an attacker to carry out
  an SQL injection attack. The issue is due to the ActiveRecord class not
  properly sanitizing user-supplied input to the 'where' method. This may
  allow an attacker to inject or manipulate SQL queries in an application
  built on RoR, allowing for the manipulation or disclosure of arbitrary data.

cvss_v2: 5.0

patched_versions: 
  - ~> 3.0.13
  - ~> 3.1.5
  - ">= 3.2.4"

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.1.2 data/ruby-advisory-db/gems/activerecord/2012-2661.yml