71 行
2.1 KiB
JSON
71 行
2.1 KiB
JSON
{
|
|
"canonical_id": "rails--CVE-2011-0448",
|
|
"system_id": "rails",
|
|
"display_name": "Ruby on Rails",
|
|
"category": "frameworks",
|
|
"advisory_mode": "core",
|
|
"title": "CVE-2011-0448",
|
|
"summary": "Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.",
|
|
"published_at": "2011-02-21T18:00:01.287",
|
|
"updated_at": "2025-04-11T00:51:21.963",
|
|
"severity": "high",
|
|
"cvss_score": 7.5,
|
|
"exploit_status": "unknown",
|
|
"source_confidence": "ecosystem-authority",
|
|
"official_source_url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain",
|
|
"secondary_source_urls": [
|
|
"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html",
|
|
"http://secunia.com/advisories/43278",
|
|
"http://securitytracker.com/id?1025063",
|
|
"http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4",
|
|
"http://www.vupen.com/english/advisories/2011/0877",
|
|
"https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474"
|
|
],
|
|
"aliases": [
|
|
"CVE-2011-0448"
|
|
],
|
|
"cve_ids": [
|
|
"CVE-2011-0448"
|
|
],
|
|
"ghsa_ids": [],
|
|
"osv_ids": [],
|
|
"affected_versions": [],
|
|
"fixed_versions": [],
|
|
"package_name": null,
|
|
"render_markdown": false,
|
|
"case_path": null,
|
|
"secure_code_topics": [
|
|
"xss-output-encoding",
|
|
"file-upload-validation",
|
|
"authz-server-side-recheck"
|
|
],
|
|
"status": "triage",
|
|
"triage_reasons": [
|
|
"missing affected/fixed version details"
|
|
],
|
|
"verification_status": "triage-manual",
|
|
"verification_mode": "synthetic",
|
|
"last_verified_at": null,
|
|
"last_run_id": null,
|
|
"evidence_bundle": null,
|
|
"historical_status": null,
|
|
"latest_status": null,
|
|
"browser_evidence": {
|
|
"required": false,
|
|
"present": false,
|
|
"refs": []
|
|
},
|
|
"repro_profile_id": "xss-generic",
|
|
"artifact_mode": "synthetic",
|
|
"blocked_reason": null,
|
|
"metadata": {
|
|
"source_names": [
|
|
"NVD Ruby on Rails"
|
|
],
|
|
"source_kinds": [
|
|
"nvd-search"
|
|
],
|
|
"candidate_count": 1
|
|
}
|
|
}
|