Sha256: fa115c837544527eb2c4507033a8914747295915e33dce88f7ec1582d940a4a5

Contents?: true

Size: 555 Bytes

Versions: 6

Compression:

Stored size: 555 Bytes

Contents

---
gem: brbackup
osvdb: 108899
url: http://osvdb.org/show/osvdb/108899
title: brbackup Gem for Ruby /lib/brbackup.rb name Parameter SQL Injection
date: 2014-07-09
description: |
  brbackup Gem for Ruby contains a flaw that may allow carrying out an SQL
  injection attack. The issue is due to the /lib/brbackup.rb script not
  properly sanitizing user-supplied input to the 'name' parameter. This may
  allow a remote attacker to inject or manipulate SQL queries in the back-end
  database, allowing for the manipulation or disclosure of arbitrary data.

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/brbackup/OSVDB-108899.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/brbackup/OSVDB-108899.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/brbackup/OSVDB-108899.yml
bundler-audit-0.6.1    data/ruby-advisory-db/gems/brbackup/OSVDB-108899.yml
bundler-audit-0.6.0    data/ruby-advisory-db/gems/brbackup/OSVDB-108899.yml
bundler-audit-0.5.0    data/ruby-advisory-db/gems/brbackup/OSVDB-108899.yml