@rud I can imagine a system where app_config is used to store per-user config (i.e., config values accepted from end users), so this could potentially be an issue. I'll investigate when I get some spare time. Thanks for submitting the issue!
Seeing this:
app_config/lib/app_config/storage/postgres.rb
Lines 48 to 56 in 6148df4
I know end-user input is not expected to be stored in a configuration backend, but the code as it stands is classic SQL injection.
This might be relevant: http://deveiate.org/code/pg/PG/Connection.html#method-c-escape_string
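The difference between interpolated and bound values, as an added example that is not part of the original issue and is not app_config's code: the table and column names and the sample rows are hypothetical, and the statement/parameter pair is shaped for the pg gem's `PG::Connection#exec_params`.

```ruby
# Added example, not app_config's code. Table and column names are hypothetical.
IDENTIFIER = /\A[a-z_][a-z0-9_]*\z/

# Vulnerable pattern: values are interpolated into the statement text,
# so a quote inside a value ends the literal and the rest is parsed as SQL.
def interpolated_insert(table, row)
  columns = row.keys.join(', ')
  values  = row.values.map { |v| "'#{v}'" }.join(', ')
  "INSERT INTO #{table} (#{columns}) VALUES (#{values})"
end

# Hardened pattern: the statement text holds only $n placeholders and the
# values travel separately, as PG::Connection#exec_params expects.
# Identifiers cannot be bound as parameters, so they are checked against
# an allow-pattern instead.
def parameterized_insert(table, row)
  names = [table, *row.keys].map(&:to_s)
  bad = names.reject { |n| n.match?(IDENTIFIER) }
  raise ArgumentError, "unsafe identifier: #{bad.first.inspect}" unless bad.empty?

  placeholders = (1..row.size).map { |i| "$#{i}" }.join(', ')
  sql = "INSERT INTO #{table} (#{row.keys.join(', ')}) VALUES (#{placeholders})"
  [sql, row.values.map(&:to_s)]
end

# Constructed sample input: one ordinary value and one containing a quote.
BENIGN = { 'name' => 'theme', 'value' => 'dark' }
QUOTED = { 'name' => 'theme', 'value' => "dark', 'extra" }

if __FILE__ == $PROGRAM_NAME
  # The quoted value turns two VALUES entries into three.
  puts interpolated_insert('app_config', QUOTED)

  # The statement text is the same for any value; only params differ.
  sql, params = parameterized_insert('app_config', QUOTED)
  puts sql
  p params
  # With a live connection: conn.exec_params(sql, params)
end
```

Where a statement has to be assembled as text, the `escape_string` method linked above is the per-value alternative; bound parameters avoid the need to remember it at every call site.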