|Release Date:||2013-01-14 (Last update can be found below the document title)|
|Description:||SQL Query Modification Attack in Rails Library|
|Criticality Level:||Highly Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
|Systems Affected:||Canvas LMS|
A JSON parameter parsing vulnerability was discovered in the Ruby on Rails 2.3.x library that Canvas uses. No attack vector against Canvas is verified, but Canvas CV users are still encouraged to update immediately. Further information is available at
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually immediately.