
Ruby on Rails SQL injection issue

An SQL injection vulnerability in all Ruby on Rails releases has been disclosed. "Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL." Fixes can be found in the 3.2.10, 3.1.9, and 3.0.18 releases. This seems like a good one to address quickly...

Read more at LWN


