CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS: 0.003 Low (percentile 70.9%)

rubygem-activerecord – multiple vulnerabilities

Due to the way Active Record interprets parameters in
combination with the way that Rack parses query parameters, it
is possible for an attacker to issue unexpected database
queries with “IS NULL” where clauses. This issue does not
let an attacker insert arbitrary values into an SQL query;
however, they can cause the query to check for NULL where most
users wouldn’t expect it.

Due to the way Active Record handles nested query parameters,
an attacker can use a specially crafted request to inject some
forms of SQL into your application’s SQL queries.
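
A defensive check for the parameter handling described above, as an added example that is not part of the original advisory: it assumes the unexpected values reach the application as nil, arrays or hashes in the parsed parameters, and the names `scalar_param`, `safe_conditions` and `InvalidParam` are hypothetical.

```ruby
# Added example (not from the advisory): require plain string values before
# request parameters are used as Active Record query conditions.
# All names here are hypothetical.
class InvalidParam < ArgumentError; end

# Returns params[key] only if it is a non-empty String.
# nil, Array (including [nil]) and Hash values are rejected, because those
# are the shapes a finder could interpret as "IS NULL" or as a nested
# condition instead of a simple equality test.
def scalar_param(params, key)
  value = params[key]
  unless value.is_a?(String) && !value.empty?
    raise InvalidParam, "#{key}: expected non-empty string, got #{value.class}"
  end
  value
end

# Builds a conditions hash from an explicit allow-list of keys, so only
# validated scalar values are ever handed to a query method.
def safe_conditions(params, allowed_keys)
  allowed_keys.each_with_object({}) do |key, cond|
    cond[key.to_sym] = scalar_param(params, key)
  end
end

# Constructed samples of already-parsed parameters (not captured traffic).
SAMPLES = {
  ok:      { "token" => "3f9a" },
  missing: {},
  nil_val: { "token" => nil },
  nil_arr: { "token" => [nil] },
  nested:  { "token" => { "users" => { "id" => "1" } } }
}.freeze

# Returns the validated conditions, or :rejected when validation fails.
def check(sample)
  safe_conditions(sample, ["token"])
rescue InvalidParam
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |name, sample| puts "#{name}: #{check(sample).inspect}" }
end
```

This guard complements upgrading to a fixed package version; it does not replace it.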
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | rubygem-activemodel | < 3.2.4 | UNKNOWN |