Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDB4051B52-58FA-11E2-853B-00262D5ED8EE
HistoryJan 02, 2013 - 12:00 a.m.

rubygem-rails -- SQL injection vulnerability

2013-01-0200:00:00
vuxml.freebsd.org
20
JSON

Ruby on Rails team reports:

There is a SQL injection vulnerability in Active Record in ALL
versions. Due to the way dynamic finders in Active Record extract
options from method parameters, a method parameter can mistakenly
be used as a scope. Carefully crafted requests can use the scope
to inject arbitrary SQL.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrubygem-rails< 3.2.10UNKNOWN

Related

seebug 1
debian 1
ubuntucve 1
cve 1
openvas 4
suse 5
nessus 1
securityvulns 1
seebug
seebug
Ruby on Rails Authlogic gem SQL注入漏洞
2012-12-28 00:00:00
debian
debian
[SECURITY] [DSA 2597-1] rails security update
2013-01-04 22:11:28
ubuntucve
ubuntucve
CVE-2012-6496
2013-01-04 00:00:00
cve
cve
CVE-2012-5664
2012-12-26 20:55:00
openvas
openvas
openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0280-1)
2013-03-11 00:00:00
SuSE Update for ruby openSUSE-SU-2013:0278-1 (ruby)
2013-03-11 00:00:00
SuSE Update for ruby openSUSE-SU-2013:0280-1 (ruby)
2013-03-11 00:00:00
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
nessus
nessus
openSUSE Security Update : ruby (openSUSE-SU-2013:0278-1)
2014-06-13 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-01-10 00:00:00
JSON
Related for B4051B52-58FA-11E2-853B-00262D5ED8EE
seebug1debian1ubuntucve1cve1openvas4suse5nessus1securityvulns1