Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-76819DE6AB99E3133C18D063C24F9513HistoryJun 22, 2012 - 12:00 a.m.
SQL injection vulnerability in Active Record
2012-06-2200:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
19
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
48.4%
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application’s SQL queries.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gem/activerecord | ge | 3.0.0 | |
| gem/activerecord | lt | 3.0.13 | |
| gem/activerecord | ge | 3.1.0 | |
| gem/activerecord | lt | 3.1.5 | |
| gem/activerecord | ge | 3.2.0 | |
| gem/activerecord | lt | 3.2.4 |
Related
fedora
fedora
[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-2.fc16
2012-06-15 12:31:06
[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-2.fc17
2012-06-15 12:32:36
[SECURITY] Fedora 15 Update: rubygem-activerecord-3.0.5-3.fc15
2012-06-15 12:31:35
openvas
openvas
Fedora Update for rubygem-activerecord FEDORA-2012-8982
2012-06-19 00:00:00
Fedora Update for rubygem-activerecord FEDORA-2012-8982
2012-06-19 00:00:00
Fedora Update for rubygem-activerecord FEDORA-2012-8901
2012-08-30 00:00:00
seebug
seebug
SQL Injection Vulnerability in Ruby on Rails
2012-06-01 00:00:00
nessus
nessus
Fedora 16 : rubygem-activerecord-3.0.10-2.fc16 (2012-8982)
2012-06-18 00:00:00
Fedora 17 : rubygem-activerecord-3.0.11-2.fc17 (2012-8901)
2012-06-18 00:00:00
Fedora 15 : rubygem-activerecord-3.0.5-3.fc15 (2012-8972)
2012-06-18 00:00:00
rubygems
rubygems
SQL Injection Vulnerability in Ruby on Rails
2017-10-23 21:00:00
osv
osv
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
Active Record vulnerable to SQL Injection via nested query parameters
2017-10-24 18:33:38
cve
cve
CVE-2012-2661
2012-06-22 14:55:00
CVE-2012-2695
2012-06-22 14:55:00
freebsd
freebsd
rubygem-activerecord -- multiple vulnerabilities
2012-05-31 00:00:00
github
github
Active Record vulnerable to SQL Injection via nested query parameters
2017-10-24 18:33:38
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
debiancve
debiancve
CVE-2012-2661
2012-06-22 14:55:00
prion
prion
Sql injection
2012-06-22 14:55:00
Sql injection
2012-06-22 14:55:00
gitlab
gitlab
ubuntucve
ubuntucve
CVE-2012-2661
2012-06-22 00:00:00
CVE-2012-2695
2012-06-22 00:00:00
suse
suse
Security update for rubygem-actionpack (important)
2012-08-21 19:08:38
Security update for rubygem-activerecord (important)
2012-08-21 20:08:28
redhat
redhat
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
48.4%
Related for GITLAB-76819DE6AB99E3133C18D063C24F9513