Ruby/activerecord-oracle_enhanced-adapter/1.1.6


The Oracle enhanced ActiveRecord adapter contains useful additional methods for working with new and legacy Oracle databases. This adapter is a superset of the original ActiveRecord Oracle adapter.

https://rubygems.org/gems/activerecord-oracle_enhanced-adapter
License: UNKNOWN

1 Security Vulnerabilities

Oracle "enhanced" ActiveRecord Gem for Ruby :limit / :offset SQL Injection

Published date: 2008-10-10

Oracle enhanced ActiveRecord Gem for Ruby contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input related to the :limit and :offset functions. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Affected versions: ["1.1.7", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0"]
Secure versions: [6.0.4, 6.0.3, 6.0.2, 6.0.0, 6.0.0.rc3, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta1, 5.2.8, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.2.0.rc1, 5.2.0.beta1, 1.8.2, 1.8.1, 1.8.0, 1.8.0.rc3, 1.8.0.rc2, 1.8.0.rc1, 1.8.0.beta1, 1.7.11, 1.7.10, 1.7.9, 1.7.8, 1.7.7, 1.7.6, 1.7.5, 1.7.4, 1.7.3, 1.7.2, 1.7.1, 1.7.0, 1.7.0.rc1, 1.7.0.beta7, 1.7.0.beta6, 1.7.0.beta5, 1.7.0.beta4, 1.7.0.beta3, 1.7.0.beta2, 1.7.0.beta1, 1.6.9, 1.6.8, 1.6.7, 1.6.6, 1.6.5, 1.6.4, 1.6.3, 1.6.2, 1.6.1, 1.6.0, 1.6.0.beta1, 1.5.6, 1.5.5, 1.5.4, 1.5.3, 1.5.2, 1.5.1, 1.5.0, 1.5.0.rc1, 1.5.0.beta1, 1.4.3, 1.4.3.rc2, 1.4.3.rc1, 1.4.2, 1.4.2.rc2, 1.4.2.rc1, 1.4.1, 1.4.0, 1.3.2, 1.3.1, 1.3.0, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.9, 1.1.8, 6.1.0.rc1, 6.1.0, 6.0.5, 6.1.1, 6.0.6, 6.1.2, 6.1.4, 6.1.5, 7.0.0.rc1, 7.0.0, 7.0.1, 7.0.2, 6.1.6, 7.0.3]
Recommendation: Update to version 7.0.3.

105 Other Versions

Version License Security Released
1.1.4 UNKNOWN 1 2009-07-25 - 18:35 almost 15 years
1.1.3 UNKNOWN 1 2009-07-25 - 18:35 almost 15 years
1.1.2 UNKNOWN 1 2009-07-25 - 18:35 almost 15 years
1.1.1 UNKNOWN 1 2009-07-25 - 18:35 almost 15 years
1.1.0 UNKNOWN 1 2009-07-25 - 18:35 almost 15 years