Описание
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 3.0.x only |
| devel | not-affected | 3.0.x only |
| hardy | not-affected | 3.0.x only |
| karmic | not-affected | 3.0.x only |
| lucid | not-affected | 3.0.x only |
| maverick | not-affected | 3.0.x only |
| upstream | released | 3.0.4 |
Показывать по
10
Ссылки на источники
7.5 High
CVSS2
Связанные уязвимости
nvd
почти 15 лет назад
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
debian
почти 15 лет назад
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...
7.5 High
CVSS2