Finally a writeup for the vuln, CVE-2022-29176. Such a simple mistake. I feel like the take away lessons are:

1. do not query/trust composite columns. Query individual columns.
2. do not trust arbitrary user Strings.

> do not trust arbitrary user Strings

*How to avoid SQL injections*

Sign in to participate in the conversation

A Mastodon instance for Rubyists & friends