|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2013-01-03 01:06:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Ruby on Rails SQL injection issue
An SQL
injection vulnerability in all Ruby on Rails releases has been
disclosed. "Due to the way dynamic finders in Active Record extract
options from method parameters, a method parameter can mistakenly be used
as a scope. Carefully crafted requests can use the scope to inject
arbitrary SQL." Fixes can be found in the 3.2.10, 3.1.9, and 3.0.18
releases. This seems like a good one to address quickly.
An SQL
injection vulnerability in all Ruby on Rails releases has been
disclosed. "Due to the way dynamic finders in Active Record extract
options from method parameters, a method parameter can mistakenly be used
as a scope. Carefully crafted requests can use the scope to inject
arbitrary SQL." Fixes can be found in the 3.2.10, 3.1.9, and 3.0.18
releases. This seems like a good one to address quickly.
