You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jan 19, 2023. It is now read-only.
CVE-2017-17916 (NVD): SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
CVE-2017-17917 (NVD): SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
In Dependency Track this component CPE cpe:2.3:a:activerecord:activerecord:7.0.3.1:*:*:*:*:*:*:* clearly defines component name and version. Both vulnerabilities are related with Rails < 5.1.4 and do not apply to this component.
Vulnerability URL
Component URL
Description
In Dependency Track this component CPE
cpe:2.3:a:activerecord:activerecord:7.0.3.1:*:*:*:*:*:*:*clearly defines component name and version. Both vulnerabilities are related with Rails < 5.1.4 and do not apply to this component.