CVE-2017-17916 is a vulnerability in Ruby on Rails
Published on December 29, 2017

SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

NVD



Exploit Probability

EPSS: 0.59%
Percentile: 68.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.