Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-2661 - Vulnerability Database

Medium
Reference: CVE-2012-2661
Title: Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
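
The following is an added example, not code from this entry or from the Rails project, showing two checks a defender might run for this issue: whether a Rails version falls in the affected ranges listed above, and a guard that rejects nested (Hash or Array) request values before they reach `where`. The helper names and the sample parameter hashes are hypothetical and constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version for version comparison

# Affected series and first fixed release, taken from the overview text.
FIXED_IN = { "3.0" => "3.0.13", "3.1" => "3.1.5", "3.2" => "3.2.4" }.freeze

# True when the version is inside one of the ranges listed in this entry.
# Series not listed here are reported as false (nothing is claimed for them).
def affected_rails?(version)
  v = Gem::Version.new(version)
  series = v.segments.first(2).join(".")
  fixed = FIXED_IN[series]
  !fixed.nil? && v < Gem::Version.new(fixed)
end

class NonScalarParam < ArgumentError; end

# Hypothetical helper: return params[key] as a String only if it is a plain
# scalar. Hashes and Arrays, which bracketed query keys are parsed into, are
# rejected so they never become the value of a where(:column => value) call.
def scalar_param(params, key)
  value = params[key]
  case value
  when nil then nil
  when String, Integer then value.to_s
  else raise NonScalarParam, "#{key} must be a scalar, got #{value.class}"
  end
end

# Constructed samples: the parsed shape of "id=42" and of "id[a][b]=1".
FLAT_PARAMS   = { "id" => "42" }.freeze
NESTED_PARAMS = { "id" => { "a" => { "b" => "1" } } }.freeze

# Returns :accepted or :rejected for a parsed params hash.
def check_request(params)
  scalar_param(params, "id")
  :accepted
rescue NonScalarParam
  :rejected
end

%w[3.0.12 3.1.5 3.2.3 3.2.4].each do |ver|
  puts "Rails #{ver}: #{affected_rails?(ver) ? 'in affected range' : 'not in listed range'}"
end
puts "flat id param:   #{check_request(FLAT_PARAMS)}"
puts "nested id param: #{check_request(NESTED_PARAMS)}"
```

In an application the guard would sit in the controller, so that only the returned String is handed to `where`; upgrading to a fixed release remains the actual remedy.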