
rubygem-rails: SQL injection

Package(s): rubygem-rails
CVE #(s): CVE-2008-4094
Created: September 29, 2008
Updated: December 21, 2009
Description:

From Ruby on Rails Security Project:

An SQL Injection vulnerability has been found in Rails. The issue affects Rails < 2.1.1, namely the :limit and :offset parameters that are not correctly sanitized:

    Person.find(:all, :limit => "10; DROP TABLE users;")
A possible attack will work only if you allow the user to control these two values, as in User.find(:all, :limit => 10, :offset => params[:offset]). Note that will_paginate is not affected; it escapes the values beforehand.
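The advisory above shows the payload but not the fix. The added example below (illustrative code, not from the Rails project or the advisory) contrasts a clause builder that interpolates :limit and :offset verbatim, as Rails before 2.1.1 did, with one that coerces both values to non-negative integers first, so a string such as "10; DROP TABLE users;" is rejected before any SQL is built. The MySQL-style "offset,count" form of :limit is an assumption of this example.

```ruby
# Added illustration, not code from the Rails project or the advisory:
# the class of fix applied in Rails 2.1.1 is to coerce :limit and :offset
# to integers before they are interpolated into the generated SQL.

# Before: the value is interpolated verbatim, so any string reaches the
# database as SQL text.
def add_limit_unsafe(sql, limit, offset)
  sql = "#{sql} LIMIT #{limit}" if limit
  sql = "#{sql} OFFSET #{offset}" if offset
  sql
end

# Accept only a non-negative integer; anything else raises ArgumentError.
def non_negative_int(value)
  n = Integer(value.to_s.strip, 10)   # raises on "10; DROP TABLE users;"
  raise ArgumentError, "negative value #{n}" if n < 0
  n
end

# :limit may also be a MySQL-style "offset,count" pair (assumed form);
# each half is validated separately. nil means "no limit" and is passed through.
def sanitize_limit(limit)
  return nil if limit.nil?
  if limit.to_s.include?(',')
    limit.to_s.split(',', 2).map { |part| non_negative_int(part) }.join(',')
  else
    non_negative_int(limit)
  end
end

def sanitize_offset(offset)
  offset.nil? ? nil : non_negative_int(offset)
end

# After: the same clause builder fed only sanitized values.
def add_limit_safe(sql, limit, offset)
  add_limit_unsafe(sql, sanitize_limit(limit), sanitize_offset(offset))
end

# True when a user-supplied :limit value is rejected by the sanitizer.
def rejected?(value)
  sanitize_limit(value)
  false
rescue ArgumentError
  true
end
```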
Alerts:
Gentoo 200912-02 2009-12-20
SuSE SUSE-SR:2008:027 2008-12-09
rPath rPSA-2008-0295-1 2008-10-16
Fedora FEDORA-2008-8282 2008-10-16
Fedora FEDORA-2008-8322 2008-09-27


Copyright © 2013, Eklektix, Inc.