7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.8%
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
CPE | Name | Operator | Version |
---|---|---|---|
gem/activerecord | ge | 3.0.0 | |
gem/activerecord | lt | 3.0.4 |
groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
secunia.com/advisories/43278
securitytracker.com/id?1025063
weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
www.vupen.com/english/advisories/2011/0877
github.com/advisories/GHSA-jmm9-2p29-vh2w
nvd.nist.gov/vuln/detail/CVE-2011-0448