2011-11-30 Instructure Advisory IAC48510 - SQL Sanitization Vulnerability
SECURITY UPDATE
Release Date: 2011-11-17 (Last update can be found below the document title)
Description: SQL Sanitization Vulnerability
Criticality Level: Highly Critical (Less Critical < Critical < Moderately Critical < Highly Critical)
Impact:
Systems Affected: Canvas LMS
Solution Status: Patched
Discovered By: Securus Global
Relevant Changesets: https://github.com/instructure/canvas-lms/commit/2183ac7e1006cbfb49a18780d1de767fd753bd45
Summary:
A security audit has identified a SQL injection attack vector in the file re-ordering capability, available in a user's files area and in the course and group files areas.
Status:
A fix to properly escape the posted user input has been developed and deployed to Canvas Cloud. Users of Canvas CV are encouraged to either update immediately to the most recent stable code or apply the patch manually.
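The pattern behind this class of bug, as an added illustration that is not Canvas code and makes no claim about how the real endpoint was written: a re-ordering handler receives a posted list of file ids and writes new positions. The table and column names (attachments, position, folder_id) and the "3,1,2" request format are assumptions for the example.

```ruby
# Added example (not from Canvas LMS): a file re-ordering request posts a
# comma-separated list of ids such as "3,1,2" and each id gets a new position.

# Unsafe pattern: posted text is spliced straight into the statement, so
# whatever the client sends becomes part of the SQL the database parses.
def unsafe_reorder_sql(folder_id, posted_order)
  posted_order.split(",").each_with_index.map do |id, pos|
    "UPDATE attachments SET position = #{pos + 1} " \
      "WHERE id = #{id} AND folder_id = #{folder_id};"
  end.join("\n")
end

# Hardened pattern: strictly parse every id as a base-10 integer (anything else
# raises ArgumentError and the request is rejected), then hand the values to the
# driver as bound parameters so user text is never interpreted as SQL.
# In Rails the same effect comes from hash conditions and update_all, e.g.
#   Attachment.where(id: id, folder_id: folder_id).update_all(position: pos)
def safe_reorder_sql(folder_id, posted_order)
  ids = posted_order.split(",").map { |s| Integer(s.strip, 10) }
  raise ArgumentError, "empty order" if ids.empty?
  raise ArgumentError, "duplicate ids" if ids.uniq.size != ids.size
  folder = Integer(folder_id.to_s, 10)
  sql = "UPDATE attachments SET position = ? WHERE id = ? AND folder_id = ?"
  binds = ids.each_with_index.map { |id, pos| [pos + 1, id, folder] }
  [sql, binds]  # one statement, executed once per bind tuple
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: one token is not an integer.
  puts unsafe_reorder_sql(7, "3,2x,1")       # the junk token lands in the SQL text
  p safe_reorder_sql(7, "3,1,2")             # placeholders plus bound integers
  begin
    safe_reorder_sql(7, "3,2x,1")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"            # non-integer id never reaches the database
  end
end
```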