2012-06-13 Instructure Advisory IAC87646 - Rails SQL Injection Vulnerability

Document created by jordan@instructure.com on Sep 22, 2015Last modified by Renee Carney on Sep 22, 2015
Version 2Show Document
  • View in full screen mode


Canvas + Logo transparent (WHITE)- 300px.png


  Release Date:2012-06-13  (Last update can be found below the document title)
  Description:SQL Injection Attack in Rails Library
  Criticality Level:Highly Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  • Manipulation of data
  • Exposure of sensitive information
  • Privilege escalation
  Systems Affected:Canvas LMS
  Solution Status:Patched
  Discovered By:-
  Relevant Changesets:




A SQL Injection Vulnerability was discovered in the Ruby on Rails 2.3.x library that Canvas uses. Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.

More information is available at http://seclists.org/oss-sec/2012/q2/504 .



Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually immediately.