VulnerableCode Vulnerability Details - VCID-y922-r53a-rke5

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-y922-r53a-rke5

Essentials
Severities (10)
References (14)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-y922-r53a-rke5
Aliases	CVE-2011-0448 GHSA-jmm9-2p29-vh2w
Summary	activerecord vulnerable to SQL Injection Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	HIGH	http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
epss	0.00689	https://api.first.org/data/v1/epss?cve=CVE-2011-0448
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-jmm9-2p29-vh2w
generic_textual	HIGH	https://github.com/rails/rails
generic_textual	HIGH	https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
generic_textual	HIGH	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2011-0448
generic_textual	HIGH	https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
generic_textual	HIGH	http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

Reference id	Reference type	URL
		http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
		http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
		https://api.first.org/data/v1/epss?cve=CVE-2011-0448
		http://secunia.com/advisories/43278
		http://securitytracker.com/id?1025063
		https://github.com/rails/rails
		https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
		https://nvd.nist.gov/vuln/detail/CVE-2011-0448
		https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
		http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
		http://www.vupen.com/english/advisories/2011/0877
GHSA-jmm9-2p29-vh2w		https://github.com/advisories/GHSA-jmm9-2p29-vh2w
GLSA-201412-28		https://security.gentoo.org/glsa/201412-28

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.72088
EPSS Score	0.00689
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:57:05.642374+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-jmm9-2p29-vh2w/GHSA-jmm9-2p29-vh2w.json	38.6.0