Commit Graph

2 Commits

Author SHA1 Message Date
Ernie Miller
8355abf153 Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.1.5 prevents a user
from specifying a table name using the `table.column` format,
it doesn't protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
2012-06-08 17:26:52 -05:00

Aaron Patterson
b71d4ab9d7 predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this

CVE-2012-2661
2012-05-30 15:05:19 -07:00