SQL Injection
Closed this issue · 0 comments
10dot commented
Codeburner identified the following vulnerability in codeburner-public release a5dee0f228f0fce09d1ebbd31d3fa0e4ae23ee26:
Description: SQL Injection
Severity: Medium
Details: Possible SQL injection
http://brakemanscanner.org/docs/warning_types/sql_injection/
Scanner: Brakeman
File: app/models/service.rb, Line: 65
Code:
where("#{attribute} LIKE ?", value)