7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.4%
Jonathan Weiss reports, that it is possible
to perform an SQL injection in Rails applications
via not correctly sanitized :limit and :offset
parameters. It is possible to change arbitrary
values in affected tables or gain access to the
sensitive data.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | rubygem-rails | < 2.2.2 | UNKNOWN |