SQL Injection Affecting mysql2 package, versions >0.1.4, <0.2.12
Snyk CVSS - Attack Complexity: Low
- Snyk ID SNYK-RUBY-MYSQL2-20283
- published 4 Jan 2017
- disclosed 16 Nov 2015
- credit Unknown
Overview
mysql2 is a simple, fast MySQL library for Ruby, binding to libmysql.
Affected versions of this gem do not sanitize input passed into the quoted_column_names
function, allowing malicious users to perform SQL Injection attacks.
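
The class of flaw described above (a column name quoted without sanitizing it), shown as an added Ruby sketch that is not the mysql2 gem's own code. The function names, the allowlist and the sample input are assumptions made for illustration.

```ruby
# Added illustration, not the mysql2 gem's source. All names are hypothetical.
CONSTRUCTED_NAME = "name`x" # constructed input: a column name containing a backtick

# Naive: wraps the name in backticks and leaves embedded backticks alone,
# so the name can end the quoted identifier early.
def naive_quote_column(name)
  "`#{name}`"
end

# Hardened: inside a backtick-quoted MySQL identifier a doubled backtick is
# a literal backtick, so doubling keeps the whole name one identifier.
def safe_quote_column(name)
  "`#{name.to_s.gsub('`', '``')}`"
end

# Stricter, for request-supplied sort or filter columns: fixed list first.
ALLOWED_COLUMNS = %w[id name created_at].freeze

def allowlisted_column(name)
  raise ArgumentError, "unknown column" unless ALLOWED_COLUMNS.include?(name.to_s)
  safe_quote_column(name)
end

# Check helper: parses a string made only of backtick-quoted identifiers and
# returns their decoded names, or nil if anything falls outside the quotes.
def identifier_tokens(sql)
  tokens = []
  i = 0
  while i < sql.length
    return nil unless sql[i] == '`'
    i += 1
    buf = +''
    loop do
      return nil if i >= sql.length # unterminated identifier
      if sql[i] == '`' && sql[i + 1] == '`'
        buf << '`'
        i += 2
      elsif sql[i] == '`'
        i += 1
        break
      else
        buf << sql[i]
        i += 1
      end
    end
    tokens << buf
  end
  tokens
end
```

Running identifier_tokens over naive_quote_column(CONSTRUCTED_NAME) returns nil because text escapes the quotes, while the hardened output parses back to the single original name.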