Lucene search

K
osvGoogleOSV:GHSA-JMM9-2P29-VH2W
HistoryOct 24, 2017 - 6:33 p.m.

activerecord vulnerable to SQL Injection

2017-10-2418:33:38
Google
osv.dev
17

EPSS

0.003

Percentile

70.8%

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.