FreeBSD : rubygem-rails -- SQL injection vulnerability (b4051b52-58fa-11e2-853b-00262d5ed8ee)
High
Nessus Plugin ID 63434
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The Ruby on Rails team reports:
There is a SQL injection vulnerability in Active Record in ALL versions. Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL.
Solution
Update the affected package.