groupon/codeburner

SQL Injection

Closed this issue · 0 comments

10dot commented

Codeburner identified the following vulnerability in codeburner-public release a5dee0f228f0fce09d1ebbd31d3fa0e4ae23ee26:

Description: SQL Injection
Severity: Medium
Details: Possible SQL injection
http://brakemanscanner.org/docs/warning_types/sql_injection/
Scanner: Brakeman
File: app/models/service.rb, Line: 65
Code:

where("#{attribute} LIKE ?", value)