'[oss-security] Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in
From:       Amos Benari <abenari () redhat ! com>
Date:       2012-12-20 10:35:59
Message-ID: 194812936.50116688.1355999759872.JavaMail.root () redhat ! com
[Download RAW message or body]

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 allow remote attackers to execute arbitrary SQL commands via multiple parameters. These issues have been assigned the identifier CVE-2012-5648. Source code updates are available at: https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db
The issue is now solved in Foreman 1.0.2

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic