Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 239548 - dev-ruby/rails<=2.1.1 Multiple SQL injection vulnerabilities (CVE-2008-4094)
Summary: dev-ruby/rails<=2.1.1 Multiple SQL injection vulnerabilities (CVE-2008-4094)
Status: RESOLVED DUPLICATE of bug 237385
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [ebuild]
Depends on:
Reported: 2008-10-04 15:16 UTC by Stefan Behte (RETIRED)
Modified: 2008-10-04 15:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-10-04 15:16:48 UTC
CVE-2008-4094 (
  Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1
  allow remote attackers to execute arbitrary SQL commands via the (1)
  :limit and (2) :offset parameters, related to ActiveRecord,
  ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-10-04 15:46:23 UTC

*** This bug has been marked as a duplicate of bug 237385 ***