Candidate: CVE-2008-4094
PublicDate: 2008-09-30 17:22:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
Description:
 Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow
 remote attackers to execute arbitrary SQL commands via the (1) :limit and
 (2) :offset parameters, related to ActiveRecord, ActiveSupport,
 ActiveResource, ActionPack, and ActionMailer.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_rails:
upstream_rails: released (2.1.0-4)
dapper_rails: ignored (reached end-of-life)
feisty_rails: needs-triage (reached end-of-life)
gutsy_rails: needs-triage (reached end-of-life)
hardy_rails: ignored (reached end-of-life)
intrepid_rails: needs-triage (reached end-of-life)
jaunty_rails: not-affected (2.1.0-6)
karmic_rails: not-affected (2.1.0-6)
lucid_rails: not-affected (2.1.0-6)
maverick_rails: not-affected (2.1.0-6)
natty_rails: not-affected (2.1.0-6)
devel_rails: not-affected (2.1.0-6)