Posts Tagged: activerecord
-
Understanding and Fixing CVE-2007-3227: The ActiveRecord to_json XSS Vulnerability
A look back at CVE-2007-3227, examining how ActiveRecord's to_json method in early Rails versions could lead to XSS vulnerabilities.
-
CVE-2008-4094: SQL Injection via limit and offset in Ruby on Rails
An in-depth look at CVE-2008-4094, a high-severity SQL injection vulnerability in early Ruby on Rails versions, and the importance of upgrading legacy systems.