CVE-2011-0448
21.02.2011, 18:00
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
SQL Injection
Vendor | Product | Version |
---|---|---|
rubyonrails | rails | 3.0.0 |
rubyonrails | rails | 3.0.0 |
rubyonrails | rails | 3.0.0 |
rubyonrails | rails | 3.0.0 |
rubyonrails | rails | 3.0.0 |
rubyonrails | rails | 3.0.0 |
rubyonrails | rails | 3.0.0 |
rubyonrails | rails | 3.0.1 |
rubyonrails | rails | 3.0.1 |
rubyonrails | rails | 3.0.2 |
rubyonrails | rails | 3.0.2 |
rubyonrails | rails | 3.0.3 |
rubyonrails | rails | 3.0.4 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References