Discovered about 1 year ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium


Possible SQL injection


app/models/concerns/sortable.rb:51
[:priority].minimum).left_join_priorities.joins(:label_links).where("label_priorities.project_id = #{project_column}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/concerns/sortable.rb or mark it as a false positive.