Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2011-0448
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
| Software | From | Fixed in |
|---|---|---|
| rubyonrails / rails | 3.0.0-beta | 3.0.0-beta.x |
| rubyonrails / rails | 3.0.0-beta2 | 3.0.0-beta2.x |
| rubyonrails / rails | 3.0.0-beta3 | 3.0.0-beta3.x |
| rubyonrails / rails | 3.0.0-beta4 | 3.0.0-beta4.x |
| rubyonrails / rails | 3.0.0-rc | 3.0.0-rc.x |
| rubyonrails / rails | 3.0.0-rc2 | 3.0.0-rc2.x |
| rubyonrails / rails | 3.0.1-pre | 3.0.1-pre.x |
| rubyonrails / rails | 3.0.2-pre | 3.0.2-pre.x |
| rubyonrails / rails | 3.0.0 | 3.0.0.x |
| rubyonrails / rails | 3.0.1 | 3.0.1.x |
| rubyonrails / rails | 3.0.2 | 3.0.2.x |
| rubyonrails / rails | 3.0.3 | 3.0.3.x |
| rubyonrails / rails | 3.0.4-rc1 | 3.0.4-rc1.x |
activerecord
|
3.0.0 | 3.0.4 |
- http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
- http://secunia.com/advisories/43278
- http://securitytracker.com/id?1025063
- http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
- http://www.vupen.com/english/advisories/2011/0877
- https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474