Description
mysql-binuuid-rails vulnerable to SQL injection
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-18476
- https://github.com/nedap/mysql-binuuid-rails/pull/18
- https://github.com/nedap/mysql-binuuid-rails/commit/9ae920951b46ff0163b16c55d744e89acb1036d4
- https://gist.github.com/viraptor/881276ea61e8d56bac6e28454c79f1e6
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mysql-binuuid-rails/CVE-2018-18476.yml
Packages

| Name | Affected versions | Fixed version |
| --- | --- | --- |
| mysql-binuuid-rails (rubygems) | < 1.1.1 | 1.1.1 |
Related vulnerabilities
CVSS3: 9.8
nvd
more than 7 years ago
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.