GHSA-jmm9-2p29-vh2w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jmm9-2p29-vh2w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-jmm9-2p29-vh2w/GHSA-jmm9-2p29-vh2w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jmm9-2p29-vh2w
- Aliases
-
- CVE-2011-0448
- Published
- 2017-10-24T18:33:38Z
- Modified
- 2024-11-28T05:39:45.761595Z
- Summary
- activerecord vulnerable to SQL Injection
- Details
-
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
- Database specific
{ "nvd_published_at": "2011-02-21T18:00:01Z", "cwe_ids": [ "CWE-89" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:43:51Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-0448
- https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
- https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
- http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
- http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
Affected packages
RubyGems / activerecord
Package
- Name
- activerecord
- Purl
- pkg:gem/activerecord