SECURITY UPDATE |  |
| Release Date: | 2013-01-03 (Last update can be found below the document title) |
| Description: | SQL Injection Attack in Rails Library |
| Criticality Level: | Highly Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
| Impact: |
|
| Systems Affected: | Canvas LMS |
| Solution Status: | Patched |
| Discovered By: | - |
| Relevant Changesets: | https://github.com/instructure/canvas-lms/commit/2a1ca6c06065fdb2b048add069a8d2edd64f035f |
Summary:
A SQL Injection Vulnerability was discovered in the Ruby on Rails 2.3.x library that Canvas uses. No working exploit against Canvas is known, but users of Canvas CV are still encouraged to apply the patch immediately.
Status:
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually immediately.
CVE: CVE-2012-5664
