oss-sec mailing list archives
Re: CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 15 Sep 2008 20:21:40 -0400 (EDT)
On Sat, 13 Sep 2008, Robert Buchholz wrote:
Ruby 2.1.1 has been released, fixing sanitation in the :limit and :offset parameters to SQL queries.
Use CVE-2008-4094, to be filled in later. - Steve
Current thread:
- CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection Robert Buchholz (Sep 13)
- Re: CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection Steven M. Christey (Sep 15)