Vulnerability Information
Vulnerability Title
update_by_case before 0.1.3 vulnerable to sql injection
Vulnerability Description
This Rails gem adds two methods to the ActiveRecord::Base class that let you update many records in a single database hit, using an SQL CASE statement. Before version 0.1.3, the `update_by_case` gem built custom SQL strings and did not sanitize them, making it vulnerable to SQL injection. Upgrade to version >= 0.1.3, which uses `Arel` to construct the resulting SQL statement with sanitized SQL.
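The following is an added illustration, not code from the update_by_case gem: a hypothetical builder for a bulk "UPDATE ... SET col = CASE id WHEN ... END" statement in the unsanitized style the advisory describes, beside a builder that keeps every value out of the statement text as a bind parameter, which is the property Arel-based construction provides. The table and column names are assumed to come from application code, never from request input.

```ruby
# Constructed example (not the gem's code). Both builders take a hash of
# { id => new_value } and produce one UPDATE with a CASE over the id column.

# Pre-fix pattern: values are interpolated straight into the SQL text, so a
# value containing a quote terminates the literal and the rest of the value
# is parsed as SQL.
def build_update_unsafe(table, column, updates)
  whens = updates.map { |id, value| "WHEN #{id} THEN '#{value}'" }.join(" ")
  ids = updates.keys.join(", ")
  "UPDATE #{table} SET #{column} = CASE id #{whens} END WHERE id IN (#{ids})"
end

# Hardened pattern: the statement contains only placeholders; values travel
# in a separate bind array (what Arel / sanitize_sql_array / prepared
# statements give you), so a quote or keyword inside a value stays data.
# Returns [sql, binds] with binds in placeholder order.
def build_update_safe(table, column, updates)
  binds = []
  whens = updates.map do |id, value|
    binds << id.to_i << value
    "WHEN ? THEN ?"
  end.join(" ")
  ids = updates.keys.map { |id| binds << id.to_i; "?" }.join(", ")
  ["UPDATE #{table} SET #{column} = CASE id #{whens} END WHERE id IN (#{ids})", binds]
end

# Constructed input: the second value closes the CASE and rewrites the WHERE
# clause, so the unsafe statement would touch every row in the table.
SAMPLE_UPDATES = { 1 => "alice", 2 => "bob' END WHERE 1=1 --" }

if __FILE__ == $0
  puts build_update_unsafe("users", "name", SAMPLE_UPDATES)
  sql, binds = build_update_safe("users", "name", SAMPLE_UPDATES)
  puts sql
  p binds
end
```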
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Vulnerability Title
Activerecord update_by_case SQL Injection Vulnerability
Vulnerability Description
Activerecord update_by_case is a Ruby on Rails tool that updates many records by case values in a single database hit. Versions of Activerecord update_by_case before 0.1.3 contain an SQL injection vulnerability, which stems from update_by_case using custom SQL strings that were not sanitized.
CVSS Information
N/A
Vulnerability Type
N/A