CVE-2011-0448
activerecord vulnerable to SQL Injection
EPSS 0.69%
Description
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
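The defensive check this advisory implies, as an added Ruby example that is not code from Rails or from this advisory: a strict sanitiser that only lets an Integer, a digit string, or a MySQL-style "offset,count" pair through to the LIMIT clause, and rejects anything else. The function names sanitize_limit and limit_clause are assumptions.

```ruby
# Added example, not Rails' own code. Assumption: the application would
# otherwise pass a raw request parameter straight into the LIMIT clause.

# Accept an Integer, a string of digits, or a MySQL-style "offset,count"
# pair. Anything else raises, so the value that reaches the SQL string can
# only ever be digits and a comma.
def sanitize_limit(limit)
  case limit
  when Integer
    limit
  when String
    value = limit.strip
    if value =~ /\A\d+\z/
      # Base 10 so a leading zero is not read as octal.
      Integer(value, 10)
    elsif value =~ /\A\d+\s*,\s*\d+\z/
      value.split(",").map { |part| Integer(part.strip, 10) }.join(",")
    else
      raise ArgumentError, "invalid LIMIT value: #{limit.inspect}"
    end
  else
    raise ArgumentError, "invalid LIMIT value: #{limit.inspect}"
  end
end

# Build the clause only from the sanitised value, never from the raw input.
def limit_clause(limit)
  "LIMIT #{sanitize_limit(limit)}"
end
```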
How to fix CVE-2011-0448
To remediate CVE-2011-0448, upgrade the affected package to a fixed version below.
- RubyGems/activerecord—upgrade to 3.0.4 or later
Is CVE-2011-0448 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- RubyGems/activerecord: >= 3.0.0, < 3.0.4