CVE-2011-0448

{"id": "CVE-2011-0448", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-02-21T18:00:01.287", "references": [{"url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "tags": ["Patch"], "source": "[email protected]"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "source": "[email protected]"}, {"url": "http://secunia.com/advisories/43278", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://securitytracker.com/id?1025063", "source": "[email protected]"}, {"url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "tags": ["Patch"], "source": "[email protected]"}, {"url": "http://www.vupen.com/english/advisories/2011/0877", "source": "[email protected]"}, {"url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474", "source": "[email protected]"}, {"url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43278", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1025063", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0877", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument."}, {"lang": "es", "value": "Ruby on Rails v3.0.x anteriores a v3.0.4 no garantiza que los argumentos de la funci\u00f3n de especificar los valores l\u00edmite de n\u00famero entero, lo que facilita a los atacantes remotos para realizar ataques de inyecci\u00f3n SQL a trav\u00e9s de un argumento no num\u00e9rico."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3BE7DFE-BA20-434B-A1DE-AD038B255C60"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCEE5B21-C990-4705-8239-0D7B29DAEDA1"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65EE33B1-B079-4CDE-B9C2-F1613A4610DC"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CAAA20B-824F-4448-99DC-9712FE628073"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2BEBDFB-0F30-454A-B74C-F820C9D2708B"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D7CD8C1-95D1-477E-AD96-6582EC33BA01"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6F00D98-3D0F-40AF-AE4F-090B1E6B660C"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9476CE55-69C0-45D3-B723-6F459C90BF05"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "486F5BA6-BCF7-4691-9754-19D364B4438D"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "112FC73B-A8BC-4EEA-9F4B-CCE685EF2838"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4498383-6FCA-4E17-A1FD-B0CE7EE50F85"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D26565B1-2BA6-4A3C-9264-7FC9A1820B59"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}