CVE-2011-0448

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
SQL Injection
Severity: UNKNOWN
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector: NETWORK
Attack Complexity: LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Vulnerable software versions

Vendor       Product  Version
rubyonrails  rails    3.0.0
rubyonrails  rails    3.0.0
rubyonrails  rails    3.0.0
rubyonrails  rails    3.0.0
rubyonrails  rails    3.0.0
rubyonrails  rails    3.0.0
rubyonrails  rails    3.0.0
rubyonrails  rails    3.0.1
rubyonrails  rails    3.0.1
rubyonrails  rails    3.0.2
rubyonrails  rails    3.0.2
rubyonrails  rails    3.0.3
rubyonrails  rails    3.0.4

Debian Releases

Product  Codename             Version                    Status
rails    bullseye (security)  2:6.0.3.7+dfsg-2+deb11u2   fixed
rails    bullseye             2:6.0.3.7+dfsg-2+deb11u2   fixed
rails    bookworm             2:6.1.7.3+dfsg-2~deb12u1   fixed
rails    sid                  2:6.1.7.3+dfsg-4           fixed
rails    trixie               2:6.1.7.3+dfsg-4           fixed

Ubuntu Releases

Product  Codename  Status
rails    maverick  not-affected
rails    lucid     not-affected
rails    karmic    not-affected
rails    hardy     not-affected
rails    dapper    not-affected