Martin Povolny

Issues

Activity

04/19/2018

01:19 PM Foreman Refactor #23300: Do not use string interpolation when composing SQL queries.
I started with a Brakeman scan and `grep` and with Foreman only and did not spend much time on this yet.
I think tha...

04/17/2018

02:27 PM Foreman Refactor #23300 (New): Do not use string interpolation when composing SQL queries.
Using string interpolation when composing SQL queries is just one step away from creating a security issue. It's agai...

03/27/2018

05:01 PM Foreman Bug #23028 (Closed): CVE-2018-1096: SQL injection in dashboard controller
Applied in changeset commit:274665e24373de670a9107d4565c10ec41dd5f65.
04:22 PM Foreman Revision 274665e2 (foreman): Fixes #23028 - Properly escape params passed to where (CVE-2018-1096) (#5363)
