Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-43B8453B54AA7168DA7EDDB7411433A0

HistoryOct 24, 2017 - 12:00 a.m.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

2017-10-2400:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.8%

JSON

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

Affected configurations

Vulners

Node

gemactiverecordRange3.0.0≥

gemactiverecordRange<3.0.4

CPENameOperatorVersion
gem/activerecordge3.0.0
gem/activerecordlt3.0.4

CPE	Name	Operator	Version
	gem/activerecord	ge	3.0.0
	gem/activerecord	lt	3.0.4

References

groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

secunia.com/advisories/43278

securitytracker.com/id?1025063

weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

www.vupen.com/english/advisories/2011/0877

github.com/advisories/GHSA-jmm9-2p29-vh2w

nvd.nist.gov/vuln/detail/CVE-2011-0448

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for GITLAB-43B8453B54AA7168DA7EDDB7411433A0