Unsafe Query Generation Risk in Ruby on Rails
Bug #1100162 reported by
Christian Kuersteiner
This bug report is a duplicate of:
Bug #1100188: Unsafe Query Generation Risk in Ruby on Rails.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ruby-actionpack-3.2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing.
Versions Affected: 3.x series
Not affected: 2.x series
See also: http://
Related branches
CVE References
information type: | Private Security → Public Security |
To post a comment you must log in.
According to https:/ /groups. google. com/forum/ ?fromgroups= #!topic/ rubyonrails- security/ c7jT-EeN9eI all version (as well 2.x) is affected.