GitHub Advisory DatabaseGHSA-JMM9-2P29-VH2Wactiverecord vulnerable to SQL Injection
0.003 Low
EPSS
Percentile
70.5%
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
| CPE | Name | Operator | Version |
|---|---|---|---|
| activerecord | lt | 3.0.4 |
References
groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
github.com/advisories/GHSA-jmm9-2p29-vh2w
github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
nvd.nist.gov/vuln/detail/CVE-2011-0448
web.archive.org/web/20201220214809/securitytracker.com/id?1025063
Related
