CVE-2011-0448 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-0448 Interim 1 12 2024-09-09T01:13:02Z current 2021-05-30T12:55:54Z 2024-09-09T01:13:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-0448 Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2012-March/000065.html E-Mail link for SUSE-SU-2012:0434-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Studio Onsite Runner 1.2 rubygem-actionmailer-2_3-2.3.14-0.7.4.3 rubygem-actionpack-2_3-2.3.14-0.7.4.3 rubygem-activerecord-2_3-2.3.14-0.7.4.3 rubygem-activeresource-2_3-2.3.14-0.7.4.3 rubygem-activesupport-2_3-2.3.14-0.7.4.3 rubygem-rack-1.1.2-0.8.8.3 rubygem-rails-2_3-2.3.14-0.7.4.3 rubygem-actionmailer-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-actionpack-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-activerecord-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-activeresource-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-activesupport-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-rack-1.1.2-0.8.8.3 as a component of SUSE Studio Onsite Runner 1.2 rubygem-rails-2_3-2.3.14-0.7.4.3 as a component of SUSE Studio Onsite Runner 1.2 Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. CVE-2011-0448 SUSE Studio Onsite Runner 1.2:rubygem-actionmailer-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-actionpack-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-activerecord-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-activeresource-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-activesupport-2_3-2.3.14-0.7.4.3 SUSE Studio Onsite Runner 1.2:rubygem-rack-1.1.2-0.8.8.3 SUSE Studio Onsite Runner 1.2:rubygem-rails-2_3-2.3.14-0.7.4.3 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P