← back
CVE-2011-0448

CVE-2011-0448

EPSS 2.2%
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplainhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.htmlhttp://secunia.com/advisories/43278http://securitytracker.com/id?1025063https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4http://www.vupen.com/english/advisories/2011/0877