Please sign in to comment.
Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.0.13 prevents a user from specifying a table name using the `table.column` format, it doesn't protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well.
- Loading branch information...
Showing with 9 additions and 3 deletions.