CVE-2011-0448 (retired)

Priority
Description
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the
limit function specify integer values, which makes it easier for remote
attackers to conduct SQL injection attacks via a non-numeric argument.
Notes
Package
Source: rails (LP Ubuntu Debian)
Upstream:released (3.0.4)
More Information

Updated: 2019-10-09 07:35:24 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)