FreeBSD : rubygem-activerecord -- multiple vulnerabilities (748aa89f-d529-11e1-82ab-001fd0af1a4c)
Medium Nessus Plugin ID 60101
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
rubygem-activerecord -- multiple vulnerabilities
Due to the way Active Record interprets parameters in combination with the way that Rack parses query parameters, it is possible for an attacker to issue unexpected database queries with 'IS NULL' where clauses. This issue does *not* let an attacker insert arbitrary values into a SQL query; however, they can cause the query to check for NULL where most users wouldn't expect it.
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.
Solution
Update the affected package.