2 matches found
GHSA-33WH-W4M7-C6R8 update_by_case before 0.1.3 can be vulnerable to sql injection
Before version 0.1.3 updatebycase gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version = 0.1.3 that uses Arel instead to construct the resulting sql statement, with sanitized sql...
update_by_case before 0.1.3 can be vulnerable to sql injection
Before version 0.1.3 updatebycase gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version = 0.1.3 that uses Arel instead to construct the resulting sql statement, with sanitized sql...