CVE-2012-6497: Remote attacker can conduct SQL injection attacks
(updated )
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter in an environment that knows the secret_token value in secret_token.rb, a remote attacker to more easily conduct SQL injection attacks.
References
Detect and mitigate CVE-2012-6497 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →