Discovered about 1 year ago
Source: static code analysis
Category: SQL Injection
Confidence level: Weak

Problem

Possible SQL injection

Location

app/models/event_collection.rb:63

filtered_events.limit(limit_for_join_lateral).where("events.#{parent_column} = parents_for_lateral.id")

Category description: SQL injection occurs when a user can manipulate a value that is used unsafely inside a SQL query.

Solution: fix the issue in app/models/event_collection.rb or mark it as a false positive.