Impact
Before version 0.1.3 update_by_case gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection.
Patches
Upgrade to version >= 0.1.3 that uses Arel instead to construct the resulting sql statement, with sanitized sql.
Impact
Before version 0.1.3
update_by_casegem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection.Patches
Upgrade to version >= 0.1.3 that uses
Arelinstead to construct the resulting sql statement, with sanitized sql.