2 matches found
Sql injection
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 updatebycase gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrad...
CVE-2007-3227
Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...