oss-sec mailing list archives
CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection
From: Robert Buchholz <rbu () gentoo org>
Date: Sat, 13 Sep 2008 20:20:52 +0200
Hey,

Ruby 2.1.1 has been released, fixing sanitation in the :limit and :offset parameters to SQL queries.

References:
http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
http://rails.lighthouseapp.com/projects/8994/tickets/288
http://rails.lighthouseapp.com/projects/8994/tickets/964
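The class of bug reported above, shown as an added example that is not part of the original post and is not Rails source code: a query builder that interpolates :limit and :offset into the SQL string, next to a version that accepts only bounded non-negative integers. All method names, the MAX_LIMIT and MAX_OFFSET bounds and the sample inputs are constructed for illustration.

```ruby
# Added illustration; not Rails code. Every name here is hypothetical.
MAX_LIMIT  = 1000          # assumed application-level page-size cap
MAX_OFFSET = 999_999_999   # assumed upper bound for paging offsets

# Unsafe pattern: caller-supplied values are interpolated into the SQL
# text unchanged, so anything after the number becomes part of the query.
def limit_clause_unsafe(options)
  sql = +""
  sql << " LIMIT #{options[:limit]}" if options[:limit]
  sql << " OFFSET #{options[:offset]}" if options[:offset]
  sql
end

# Accept only a plain run of digits (no sign, whitespace, comma or
# trailing text) and enforce an upper bound; raise on anything else.
def strict_count(value, name, max)
  text = value.to_s
  unless text.match?(/\A\d{1,9}\z/)
    raise ArgumentError, "#{name} must be a non-negative integer"
  end
  number = text.to_i
  raise ArgumentError, "#{name} must not exceed #{max}" if number > max
  number
end

# Hardened pattern: only validated Integer objects reach the SQL string.
def limit_clause_safe(options)
  sql = +""
  if options[:limit]
    sql << " LIMIT #{strict_count(options[:limit], ':limit', MAX_LIMIT)}"
  end
  if options[:offset]
    sql << " OFFSET #{strict_count(options[:offset], ':offset', MAX_OFFSET)}"
  end
  sql
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, as they might arrive from request parameters.
  well_formed = { limit: "10", offset: "20" }
  malformed   = { limit: "10; SELECT 1", offset: "0" }

  puts "unsafe, malformed:  #{limit_clause_unsafe(malformed).inspect}"
  puts "safe, well-formed:  #{limit_clause_safe(well_formed).inspect}"
  begin
    limit_clause_safe(malformed)
  rescue ArgumentError => e
    puts "safe, malformed:    rejected (#{e.message})"
  end
end
```

Rejecting malformed values, rather than silently coercing them with `to_i`, also leaves an error that can be logged and alerted on.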
Current thread:
- CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection Robert Buchholz (Sep 13)
- Re: CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection Steven M. Christey (Sep 15)