Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain “[nil]” values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

CPENameOperatorVersion
activerecordle4.2.7.0

CPE	Name	Operator	Version
	activerecord	le	4.2.7.0

References

github.com/advisories/GHSA-m8h6-m9p5-p2f8

nvd.nist.gov/vuln/detail/CVE-2016-6317

cve 5

osv 5

debiancve 3

ubuntucve 5

prion 5

github 5

rubygems 6

hackerone 1

freebsd 3

nessus 25

gitlab 6

veracode 2

openvas 66

suse 9

fedora 27

silentrobots 2

ibm 1

seebug 2

debian 1

redhat 5

ics 1

gentoo 1

securityvulns 2

cve

CVE-2013-0155

2013-01-13 22:55:00

CVE-2016-6317

2016-09-07 19:28:00

CVE-2012-2660

2012-06-22 14:55:00

osv

Active Record allows bypassing of database-query restrictions

2017-10-24 18:33:37

ActiveRecord in Ruby on Rails allows database-query bypass

2017-10-24 18:33:35

Action Pack contains database-query restrictions bypass

2017-10-24 18:33:38

debiancve

CVE-2013-0155

2013-01-13 22:55:00

CVE-2016-6317

2016-09-07 19:28:00

CVE-2013-6417

2013-12-07 00:55:00

ubuntucve

CVE-2013-0155

2013-01-13 00:00:00

CVE-2016-6317

2016-09-07 00:00:00

CVE-2012-2694

2012-06-22 00:00:00

prion

Design/Logic Flaw

2013-01-13 22:55:00

Design/Logic Flaw

2016-09-07 19:28:00

Race condition

2012-06-22 14:55:00

github

Active Record allows bypassing of database-query restrictions

2017-10-24 18:33:37

ActiveRecord in Ruby on Rails allows database-query bypass

2017-10-24 18:33:35

Action Pack contains database-query restrictions bypass

2017-10-24 18:33:38

rubygems

CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

2013-01-07 20:00:00

Unsafe Query Generation Risk in Active Record

2016-08-10 21:00:00

CVE-2012-2660 rubygem-actionpack: Unsafe query generation

2012-05-30 20:00:00

hackerone

Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass

2016-05-17 13:38:03

freebsd

Rails 4 -- Unsafe Query Generation Risk in Active Record

2016-08-11 00:00:00

rubygem-activerecord -- multiple vulnerabilities

2012-05-31 00:00:00

rubygem-rails -- multiple vulnerabilities

2013-01-08 00:00:00

nessus

FreeBSD : Rails 4 -- Unsafe Query Generation Risk in Active Record (7e61cf44-6549-11e6-8286-00248c0c745d)

2016-10-17 00:00:00

Fedora 16 : rubygem-actionpack-3.0.10-7.fc16 (2012-9636)

2012-07-01 00:00:00

Fedora 17 : rubygem-actionpack-3.0.11-5.fc17 (2012-9606)

2012-07-01 00:00:00

gitlab

Unsafe Query Generation Risk

2016-09-07 00:00:00

Moderate severity vulnerability that affects actionpack

2017-10-24 00:00:00

Moderate severity vulnerability that affects actionpack

2017-10-24 00:00:00

veracode

Database-query Authentication Bypass

2019-01-15 08:53:36

Database Authorization Bypass

2019-01-15 09:01:52

openvas

Fedora Update for rubygem-actionpack FEDORA-2012-9606

2012-08-30 00:00:00

Fedora Update for rubygem-actionpack FEDORA-2012-9606

2012-08-30 00:00:00

openSUSE: Security Advisory for rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)

2012-12-13 00:00:00

suse

Security update for rubygem-actionpack (important)

2012-08-21 20:08:29

rubygem-actionpack/activerecord-2_3 (important)

2012-08-09 18:08:34

Security update for rubygem-actionpack (important)

2012-08-21 19:08:38

fedora

[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-5.fc17

2012-06-30 08:25:56

[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-6.fc17

2012-08-09 23:18:43

[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-8.fc17

2013-01-23 01:53:38

silentrobots

Searching Through Git Commits

2014-10-06 04:00:00

Searching Through Git Commits

2014-10-06 04:00:00

ibm

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

2021-01-25 20:13:51

seebug

Ruby on Rails不安全查询生成漏洞

2013-01-10 00:00:00

Ruby on Rails嵌套参数SQL注入漏洞

2012-06-16 00:00:00

debian

[SECURITY] [DSA 2609-1] rails security update

2013-01-16 21:17:01

redhat

(RHSA-2013:0154) Critical: Ruby on Rails security update

2013-01-10 20:37:00

(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update

2013-02-28 00:00:00

(RHSA-2013:1794) Important: ruby193-rubygem-actionpack security update

2013-12-05 00:00:00

ics

Wonderware Intelligence Tableau Server Ruby on Rails Improper Input Validation (Update A)

2013-02-21 00:00:00

gentoo

Ruby on Rails: Multiple vulnerabilities

2014-12-14 00:00:00

securityvulns

Apple Mac OS X multiple security vulnerabilities

2013-06-17 00:00:00

APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002

2013-06-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for GHSA-M8H6-M9P5-P2F8