rails

2009-01-21

Page content

Author: Miklos Vajna
Vulnerable: 2.1.0-1
Unaffected: 2.1.1-1solaria1

Some vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerabilities are caused due to Active Record not properly sanitising the “:offset” and “:limit” parameters before using them in SQL queries. This can be exploited to manipulate SQL queries by injecting SQL code.

Bug Tracker URL: http://bugs.frugalware.org/task/3368

CVEs:

No CVE, see http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1.