OSVDB-108899: SQL Injection

July 9, 2014

This package contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the /lib/brbackup.rb script not properly sanitizing user-supplied input to the ’name’ parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

References

github.com/rubysec/ruby-advisory-db/blob/master/gems/brbackup/OSVDB-108899.yml

Detect and mitigate OSVDB-108899 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →