GHSA-xf96-32q2-9rw2

Source

https://github.com/advisories/GHSA-xf96-32q2-9rw2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-xf96-32q2-9rw2/GHSA-xf96-32q2-9rw2.json

Aliases

CVE-2008-4094

Published

2017-10-24T18:33:38Z

Modified

2024-02-22T05:31:51.457029Z

Details

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

References

Affected packages

RubyGems / activerecord

Package

Name: activerecord

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.1.1

Affected versions

1.*

1.0.0

1.1.0

1.2.0

1.3.0

1.4.0

1.5.0

1.5.1

1.6.0

1.7.0

1.8.0

1.9.0

1.9.1

1.10.0

1.10.1

1.11.0

1.11.1

1.12.1

1.12.2

1.13.0

1.13.1

1.13.2

1.14.0

1.14.1

1.14.2

1.14.3

1.14.4

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.15.5

1.15.6

2.*

2.0.0

2.0.1

2.0.2

2.0.4

2.0.5

2.1.0