2 matches found
UBUNTU-CVE-2017-17916
DISPUTED: SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with...
PT-2017-15097 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 5.1.4 and earlier
Description: A SQL injection issue in the find_by method allows remote attackers to execute arbitrary SQL commands via the name parameter. The vendor disputes this issue, citing that the method is not...