- 01:19 PM Foreman Refactor #23300: Do not use string interpolation when composing SQL queries.
- I started with Brakeman scan and `grep` and with Foreman only and did not spend much time on this yet.
I think tha...
- 02:27 PM Foreman Refactor #23300 (New): Do not use string interpolation when composing SQL queries.
- Using string interpolation when composing SQL queries is just one step away from creating a security issue. It's agai...
- 05:01 PM Foreman Bug #23028 (Closed): CVE-2018-1096: SQL injection in dashboard controller
- Applied in changeset commit:274665e24373de670a9107d4565c10ec41dd5f65.
- 04:22 PM Foreman Revision 274665e2 (foreman): Fixes #23028 - Properly escape params passed to where (CVE-2018-1096) (#5363)
Also available in: Atom