{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Ruby on Rails 3.0.x ;","product":{"name":"Ruby on Rails","vendor":{"name":"Ruby on Rails","scada":false}}},{"description":"Ruby on Rails 3.2.x.","product":{"name":"Ruby on Rails","vendor":{"name":"Ruby on Rails","scada":false}}},{"description":"Ruby on Rails 3.1.x ;","product":{"name":"Ruby on Rails","vendor":{"name":"Ruby on Rails","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2012-2660","url":"https://www.cve.org/CVERecord?id=CVE-2012-2660"},{"name":"CVE-2012-2661","url":"https://www.cve.org/CVERecord?id=CVE-2012-2661"}],"links":[{"title":"Annonce de publication Ruby on Rails 3.0.13 :      /","url":"http://weblog.rubyonrails.org/2012/5/31/ann-rails-3-0-13-has-been-released"},{"title":"Annonce de publication Ruby on Rails 3.1.5 :      /","url":"http://weblog.rubyonrails.org/2012/5/31/ann-rails-3-1-5-has-been-released"},{"title":"Annonce de publication Ruby on Rails 3.2.4 :      /","url":"http://weblog.rubyonrails.org/2012/5/31/ann-rails-3-2-4-has-been-released"}],"reference":"CERTA-2012-AVI-306","revisions":[{"description":"version initiale.","revision_date":"2012-06-05T00:00:00.000000"}],"risks":[{"description":"Injection SQL"}],"summary":"Deux vuln\u00e9rabilit\u00e9s permettant \u00e0 une personne malintentionn\u00e9e\nd'effectuer des injections SQL ont \u00e9t\u00e9 corrig\u00e9es dans Ruby on Rails.\n","title":"Vuln\u00e9rabilit\u00e9s dans Ruby on Rails","vendor_advisories":[{"published_at":null,"title":"Annonces de mises \u00e0 jour de s\u00e9curit\u00e9 de Ruby on Rails du 31 mai 2012","url":null}]}