Skip to content

GitLab

Closed
Created by Leonardo Arena@larenaDeveloper

Vulnerability in ruby-activerecord < 2.3.13 may allow SQL injection

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930

Solution

- Upgrade to 2.3.13

- Patches:

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

(from redmine: issue id 977, created on 2012-01-31, closed on 2012-02-01)

  • Changesets:
    • Revision 49ebdcb8 by Natanael Copa on 2012-01-31T15:56:10Z:
main/ruby-activerecord: security upgrade to 2.3.14 (CVE-2011-2930)

fixes #977
  • Revision caf610bb by Natanael Copa on 2012-01-31T16:04:36Z:
main/ruby-activerecord: security upgrade to 2.3.14 (CVE-2011-2930)

fixes #977
(cherry picked from commit 49ebdcb8aff6bdfa648f9187099c0af96536f438)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information