Potential SQL Injection with limit in rails/activerecord
Published: October 24, 2017
SECURITY IDENTIFIERS
- CVE: CVE-2011-0448 (NVD)
- GHSA: GHSA-jmm9-2p29-vh2w
- Vendor Advisory: http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 7.5 (High)
UNAFFECTED VERSIONS
< 3.0.0
PATCHED VERSIONS
~> 2.3.11
> 3.0.4
DESCRIPTION
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
RELATED
- https://nvd.nist.gov/vuln/detail/CVE-2011-0448
- http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
- https://groups.google.com/g/rubyonrails-security/c/tliQLPa_Tu0/m/rUCt9kyGGU4J
- https://github.com/advisories/GHSA-jmm9-2p29-vh2w
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
- https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43278
- https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1025063