Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-17919 - Vulnerability Database

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-17919

High
Reference: CVE-2017-17919
Title: Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

DISPUTED SQL injection vulnerability in the 39order39 method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 39id desc39 parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.