5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
48.4%
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application’s SQL queries.
CPE | Name | Operator | Version |
---|---|---|---|
gem/activerecord | ge | 3.0.0 | |
gem/activerecord | lt | 3.0.13 | |
gem/activerecord | ge | 3.1.0 | |
gem/activerecord | lt | 3.1.5 | |
gem/activerecord | ge | 3.2.0 | |
gem/activerecord | lt | 3.2.4 |