Ruby on Rails Authlogic Gem secret_token.rb Known secret_token Value Weakness
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered
when the program makes an unsafe method call for find_by_id. With a specially
crafted parameter in an environment that knows the secret_token value in
secret_token.rb, a remote attacker to more easily conduct SQL injection
Am I vulnerable?
The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.
Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.Sign up for monitoring
Affected package information
|Package||Patched in||Unaffected in|