Sha256: ec4e4744b5cd10ba0dae8a00023c6bf12bb950cc23f7be46bc04d8b0d1347dfd

Contents?: true

Size: 555 Bytes

Versions: 6

Compression:

Stored size: 555 Bytes

Contents

---
gem: activerecord
framework: rails
cve: 2012-6496
osvdb: 88661
url: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
title: Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass
date: 2012-12-22

description: |
  Due to the way dynamic finders in Active Record extract options from method
  parameters, a method parameter can mistakenly be used as a scope.  Carefully
  crafted requests can use the scope to inject arbitrary SQL.

cvss_v2: 6.4

patched_versions:
  - ~> 3.0.18
  - ~> 3.1.9
  - ">= 3.2.10"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/activerecord/OSVDB-88661.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/activerecord/OSVDB-88661.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-88661.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-88661.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/activerecord/OSVDB-88661.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/activerecord/OSVDB-88661.yml