Affected products (CPE):
cpe:/a:rubyonrails:rails:3.0.0
cpe:/a:rubyonrails:rails:3.0.0:beta
cpe:/a:rubyonrails:rails:3.0.0:beta2
cpe:/a:rubyonrails:rails:3.0.0:beta3
cpe:/a:rubyonrails:rails:3.0.0:beta4
cpe:/a:rubyonrails:rails:3.0.0:rc
cpe:/a:rubyonrails:rails:3.0.0:rc2
cpe:/a:rubyonrails:rails:3.0.1
cpe:/a:rubyonrails:rails:3.0.1:pre
cpe:/a:rubyonrails:rails:3.0.2
cpe:/a:rubyonrails:rails:3.0.2:pre
cpe:/a:rubyonrails:rails:3.0.3
cpe:/a:rubyonrails:rails:3.0.4:rc1

CVE ID: CVE-2011-0448
Published: 2011-02-21T13:00:01.287-05:00
Last modified: 2019-08-08T11:41:32.003-04:00

CVSS base score: 7.5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSS source: http://nvd.nist.gov, 2011-02-22T09:14:00.000-05:00

References:
SECTRACK 1025063
SECUNIA 43278
VUPEN ADV-2011-0877
FEDORA FEDORA-2011-4358
MLIST [rubyonrails-security] 20110209 Potential SQL Injection in Rails 3.0.x
CONFIRM http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

Description: Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.