CVE-2022-35956
The CVE concerns the Rails gem update_by_case, which adds two ActiveRecord::Base methods that update many records in one query using a SQL CASE statement. The root cause is that versions prior to 0.1.3 build custom SQL strings without sanitizing them, which allows SQL injection. Red Hat and othe...
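The pattern described above, as an added example that is not code from update_by_case or from this page: a bulk CASE update built by plain string interpolation beside a hardened builder. All function names, the table and column, and the sample data are hypothetical, and quote_literal is a minimal stand-in for the quoting a database adapter provides.

```ruby
# Added illustration; not code from update_by_case. All names are hypothetical.

# Minimal stand-in for a database adapter's quoting routine (in a Rails app
# this job belongs to the connection's own quoting, not hand-written code).
def quote_literal(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Unsafe pattern: values are interpolated straight into the CASE branches,
# so any quote character in a value ends the string literal early.
def build_case_update_unsafe(table, column, changes)
  branches = changes.map { |id, v| "WHEN #{id} THEN '#{v}'" }.join(" ")
  "UPDATE #{table} SET #{column} = CASE id #{branches} END " \
    "WHERE id IN (#{changes.keys.join(', ')})"
end

# Identifiers cannot be quoted as literals, so they are allowlisted by shape.
IDENTIFIER = /\A[a-z_][a-z0-9_]*\z/

# Hardened pattern: ids coerced to Integer, values quoted, identifiers checked.
def build_case_update_safe(table, column, changes)
  [table, column].each do |name|
    raise ArgumentError, "bad identifier: #{name.inspect}" unless IDENTIFIER.match?(name.to_s)
  end
  ids = changes.keys.map { |id| Integer(id) } # raises on non-numeric ids
  branches = changes.map { |id, v| "WHEN #{Integer(id)} THEN #{quote_literal(v)}" }.join(" ")
  "UPDATE #{table} SET #{column} = CASE id #{branches} END WHERE id IN (#{ids.join(', ')})"
end

# Constructed sample input: an ordinary surname containing an apostrophe.
SAMPLE = { 1 => "O'Brien", 2 => "Smith" }.freeze

if __FILE__ == $PROGRAM_NAME
  puts build_case_update_unsafe("users", "last_name", SAMPLE)
  puts build_case_update_safe("users", "last_name", SAMPLE)
end
```

The unsafe output contains an odd number of quote characters, which means caller-supplied data has crossed from literal into statement text; the hardened builder keeps every value inside its literal and rejects ids that are not integers.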