Sha256: a12d9b7ca0c70b4973a4c5a2d4f22792f285a41716a37a525b02b8c436938374

Contents?: true

Size: 553 Bytes

Versions: 5

Compression:

Stored size: 553 Bytes

Contents

---
gem: authlogic
cve: 2012-6497
osvdb: 89064
url: http://osvdb.org/show/osvdb/89064
title: Ruby on Rails Authlogic Gem secret_token.rb Known secret_token Value Weakness
date: 2012-12-21
description: |
  Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered
  when the program makes an unsafe method call for find_by_id. With a specially
  crafted parameter in an environment that knows the secret_token value in
  secret_token.rb, a remote attacker can more easily conduct SQL injection
  attacks.
patched_versions:
  - ">= 3.3.0"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/authlogic/OSVDB-89064.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/authlogic/OSVDB-89064.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/authlogic/OSVDB-89064.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/authlogic/OSVDB-89064.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/authlogic/OSVDB-89064.yml