Date: Mon, 15 Sep 2008 20:21:40 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection On Sat, 13 Sep 2008, Robert Buchholz wrote: > Ruby 2.1.1 has been released, fixing sanitation in the :limit > and :offset parameters to SQL queries. Use CVE-2008-4094, to be filled in later. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ