GHSA-xf96-32q2-9rw2, CVE-2008-4094
gem/activerecord
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
All versions before 2.1.1
Upgrade to version 2.1.1 or above.
2023-05-29
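The bug class described above, as an added example that is a simplified model and not ActiveRecord source code: a query builder that interpolates :limit and :offset verbatim, beside one that accepts only non-negative integers. The function names, the `posts` table and the sample parameters are hypothetical and constructed for illustration.

```ruby
# Added illustration; a simplified model, not ActiveRecord source code.
# build_query_unsafe / build_query_safe and the table name are hypothetical.

# Vulnerable pattern: caller-supplied values are interpolated verbatim.
def build_query_unsafe(table, limit: nil, offset: nil)
  sql = "SELECT * FROM #{table}"
  sql << " LIMIT #{limit}" if limit
  sql << " OFFSET #{offset}" if offset
  sql
end

# Accept only a non-negative base-10 integer; reject everything else.
def strict_integer(value, name)
  return value if value.is_a?(Integer) && value >= 0
  str = value.to_s
  # \A and \z anchor the whole string, so a trailing newline is rejected too.
  raise ArgumentError, "#{name} must be a non-negative integer" unless str.match?(/\A\d+\z/)
  Integer(str, 10)
end

# Hardened pattern: both values are validated before reaching the SQL text.
def build_query_safe(table, limit: nil, offset: nil)
  sql = "SELECT * FROM #{table}"
  sql << " LIMIT #{strict_integer(limit, :limit)}" unless limit.nil?
  sql << " OFFSET #{strict_integer(offset, :offset)}" unless offset.nil?
  sql
end

# True when the hardened builder refuses the given options.
def rejected?(**opts)
  build_query_safe("posts", **opts)
  false
rescue ArgumentError
  true
end

# Constructed request parameters (strings, as they arrive from a query string).
BENIGN  = { limit: "10", offset: "20" }
TAINTED = { limit: "10; SELECT 1 --", offset: "0" }

if __FILE__ == $PROGRAM_NAME
  puts build_query_unsafe("posts", **TAINTED) # extra statement reaches the SQL text
  puts build_query_safe("posts", **BENIGN)
  puts "tainted rejected: #{rejected?(**TAINTED)}"
end
```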