oss-sec mailing list archives

CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection


From: Robert Buchholz <rbu () gentoo org>
Date: Sat, 13 Sep 2008 20:20:52 +0200

Hey,

Ruby 2.1.1 has been released, fixing sanitation in the :limit 
and :offset parameters to SQL queries.

References:
http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
http://rails.lighthouseapp.com/projects/8994/tickets/288
http://rails.lighthouseapp.com/projects/8994/tickets/964

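The bug behind this request is easy to illustrate in plain Ruby. The following is an added example, not code from Rails or from the thread above: the function names (`add_limit_offset_unsafe`, `add_limit_offset_safe`, `sanitize_sql_integer`) are hypothetical, and the attacker-controlled value is constructed. It shows the pre-fix pattern, where the `:limit` and `:offset` option values are interpolated into the SQL string verbatim, beside the kind of integer coercion that closes the hole.

```ruby
# Added illustration (not Rails' own code): why an unsanitized :limit or
# :offset option is an SQL injection, and how integer coercion fixes it.

# Pre-fix pattern: whatever the caller passed lands in the SQL string as-is.
def add_limit_offset_unsafe(sql, options)
  sql = sql.dup
  sql << " LIMIT #{options[:limit]}" if options[:limit]
  sql << " OFFSET #{options[:offset]}" if options[:offset]
  sql
end

# Hardened pattern: coerce every value with Kernel#Integer, which raises
# ArgumentError on anything that is not a well-formed integer literal.
# (String#to_i would be the wrong tool: "10; DROP TABLE users".to_i is 10,
# so it silently accepts the input instead of rejecting it.)
def sanitize_sql_integer(value, name)
  Integer(value)
rescue ArgumentError, TypeError
  raise ArgumentError, "#{name} must be an integer, got #{value.inspect}"
end

def add_limit_offset_safe(sql, options)
  sql = sql.dup
  sql << " LIMIT #{sanitize_sql_integer(options[:limit], :limit)}" if options[:limit]
  sql << " OFFSET #{sanitize_sql_integer(options[:offset], :offset)}" if options[:offset]
  sql
end

if __FILE__ == $0
  base = "SELECT * FROM users"
  attacker = "1; DROP TABLE users" # constructed attacker-controlled :limit value
  puts add_limit_offset_unsafe(base, :limit => attacker)
  begin
    add_limit_offset_safe(base, :limit => attacker)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Coercing with `Integer()` rather than `to_i` is the important choice: `to_i` truncates and accepts, `Integer()` raises and rejects. A real implementation also has to cope with the MySQL two-argument form (`LIMIT offset, count`), where each comma-separated part needs the same coercion rather than the whole string being passed through.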

