ADVISORIES
- CVE-2012-6497 (NVD)
- GHSA-rx7j-mw4c-76g9
- OSVDB-89064
GEM
PATCHED VERSIONS
- >= 3.3.0
DESCRIPTION
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter, in an environment where the secret_token value in secret_token.rb is known, a remote attacker can more easily conduct SQL injection attacks.