Vulnerabilities (CVE)

Filtered by vendor Update By Case Project Subscribe
Filtered by product Update By Case
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35956 1 Update By Case Project 1 Update By Case 2024-11-21 N/A 5.8 MEDIUM
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version >= 0.1.3 that uses `Arel` instead to construct the resulting sql statement, with sanitized sql.