Rails 4 -- Unsafe Query Generation Risk in Active Record
Ruby Security team reports:
There is a vulnerability when Active Record is used in conjunction with JSON
parameter parsing. This vulnerability has been assigned the CVE identifier
CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright