CVE-2008-4094

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in gem/activerecord

Identifiers

GHSA-xf96-32q2-9rw2, CVE-2008-4094

Package Slug

gem/activerecord

Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

Affected Versions

All versions before 2.1.1

Solution

Upgrade to version 2.1.1 or above.
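The injection point named in the description, shown as an added Ruby example (not Rails source code and not part of the advisory): a value interpolated into `LIMIT`/`OFFSET` as-is, beside a caller-side check that accepts only non-negative integers. The helper names, the `posts` table and the sample values are constructed assumptions.

```ruby
# Added example: hypothetical helpers, not ActiveRecord source code.
BASE_SQL = "SELECT * FROM posts"                # constructed query
TAMPERED = "10; -- constructed trailing text"   # constructed hostile value

# Vulnerable pattern: option values are interpolated into the SQL text as-is,
# so anything after the number becomes part of the statement.
def unsafe_add_limit_offset(sql, options)
  sql = sql.dup
  sql << " LIMIT #{options[:limit]}" if options[:limit]
  sql << " OFFSET #{options[:offset]}" if options[:offset]
  sql
end

# Strictly convert a user-supplied value to a non-negative Integer.
# Integer(str, 10) rejects trailing text, unlike String#to_i, which would
# silently turn "10 anything" into 10 and hide the tampering.
def strict_non_negative_integer(value, name)
  number = value.is_a?(Integer) ? value : Integer(value.to_s.strip, 10)
  raise ArgumentError, "#{name} must not be negative" if number.negative?
  number
rescue TypeError, ArgumentError => e
  raise ArgumentError, "invalid #{name}: #{e.message}"
end

# Hardened pattern: only validated integers ever reach the SQL string.
def safe_add_limit_offset(sql, options)
  sql = sql.dup
  limit, offset = options[:limit], options[:offset]
  sql << " LIMIT #{strict_non_negative_integer(limit, :limit)}" unless limit.nil?
  sql << " OFFSET #{strict_non_negative_integer(offset, :offset)}" unless offset.nil?
  sql
end

# True when the hardened builder refuses the given options.
def rejected?(options)
  safe_add_limit_offset(BASE_SQL, options)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_add_limit_offset(BASE_SQL, limit: TAMPERED)
  puts safe_add_limit_offset(BASE_SQL, limit: "10", offset: 20)
  puts "tampered limit rejected: #{rejected?(limit: TAMPERED)}"
end
```

Validation like this in the calling code is a defence-in-depth measure for request-derived paging values; it does not replace the upgrade.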

Last Modified

2023-05-29
