
Finally a writeup for the rubygems.org vuln, CVE-2022-29176. Such a simple mistake. I feel like the takeaway lessons are:

1. do not query/trust composite columns. Query individual columns.
2. do not trust arbitrary user Strings.

greg.molnar.io/blog/rubygems-c

@postmodern
> do not trust arbitrary user Strings

*How to avoid SQL injections*
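
The two lessons from the post above, as an added Ruby sketch that is not part of the thread and not rubygems.org code: the gem names, owners and helper names are constructed assumptions. A lookup on a composite name-plus-version string resolves to a row belonging to a different gem, while comparing the columns separately and validating the user-supplied slug does not.

```ruby
# Added illustration: constructed data and hypothetical helper names.
Version = Struct.new(:gem_name, :number, :owner) do
  # Composite column: gem name and version number joined with "-".
  def full_name
    "#{gem_name}-#{number}"
  end
end

# Constructed sample rows: two unrelated gems with different owners.
VERSIONS = [
  Version.new("acme", "1.0.0", "alice"),
  Version.new("acme-utils", "1.0.0", "bob"),
].freeze

# Accept only slugs shaped like a version number (assumed format).
SLUG_FORMAT = /\A\d+(\.[0-9A-Za-z]+)*\z/

def owns_gem?(user, gem_name)
  VERSIONS.any? { |v| v.gem_name == gem_name && v.owner == user }
end

# Weak: ownership is checked on gem_name, but the row is then selected by
# a composite string built from that name plus an unvalidated slug, so
# "acme" + "utils-1.0.0" is indistinguishable from "acme-utils" + "1.0.0".
def find_by_full_name(user, gem_name, slug)
  return nil unless owns_gem?(user, gem_name)
  VERSIONS.find { |v| v.full_name == "#{gem_name}-#{slug}" }
end

# Hardened: validate the slug, then compare each column on its own, so
# the row returned is always one of the gem that was authorized.
def find_by_columns(user, gem_name, slug)
  return nil unless slug.is_a?(String) && slug.match?(SLUG_FORMAT)
  return nil unless owns_gem?(user, gem_name)
  VERSIONS.find { |v| v.gem_name == gem_name && v.number == slug }
end
```
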

Ruby.social

A Mastodon instance for Rubyists & friends