Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-FB5DEAC3C8BAB0472AE53730B3D107F4HistoryJan 03, 2013 - 12:00 a.m.
Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass
2013-01-0300:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
20
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.7%
Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gem/activerecord | ge | 3.0.0 | |
| gem/activerecord | lt | 3.0.18 | |
| gem/activerecord | ge | 3.1.0 | |
| gem/activerecord | lt | 3.1.9 | |
| gem/activerecord | ge | 3.2.0 | |
| gem/activerecord | lt | 3.2.10 |
Related
nessus
nessus
GLSA-201401-22 : Active Record: SQL injection
2014-01-22 00:00:00
Fedora 17 : rubygem-activerecord-3.0.11-4.fc17 (2013-0245)
2013-01-15 00:00:00
cve
cve
veracode
veracode
SQL Command Injection
2019-01-15 08:53:39
Information Disclosure
2019-05-02 04:52:23
Open Redirect
2019-05-02 04:52:21
debiancve
debiancve
CVE-2012-6496
2013-01-04 04:46:00
CVE-2012-6497
2013-01-04 04:46:00
openvas
openvas
Fedora Update for rubygem-activerecord FEDORA-2013-0185
2013-01-21 00:00:00
Fedora Update for rubygem-activerecord FEDORA-2013-0185
2013-01-21 00:00:00
Gentoo Security Advisory GLSA 201401-22
2015-09-29 00:00:00
seebug
seebug
Ruby on Rails Active Recordη»δ»ΆSQL注ε
₯ζΌζ΄(CVE-2012-6496)
2013-01-05 00:00:00
gentoo
gentoo
Active Record: SQL injection
2014-01-21 00:00:00
prion
prion
Sql injection
2013-01-04 04:46:00
Sql injection
2013-01-04 04:46:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activerecord-3.2.8-2.fc18
2013-01-15 02:31:59
[SECURITY] Fedora 18 Update: rubygem-activerecord-3.2.8-5.fc18
2013-03-30 21:32:07
[SECURITY] Fedora 18 Update: rubygem-activerecord-3.2.8-3.fc18
2013-01-20 03:40:48
osv
osv
Active Record contains SQL Injection
2017-10-24 18:33:37
Authlogic Information Exposure vulnerability
2022-05-14 00:54:20
github
github
Active Record contains SQL Injection
2017-10-24 18:33:37
Authlogic Information Exposure vulnerability
2022-05-14 00:54:20
ubuntucve
ubuntucve
CVE-2012-6496
2013-01-04 00:00:00
securityvulns
securityvulns
redhat
redhat
(RHSA-2013:0220) Important: Red Hat OpenShift Enterprise 1.1 update
2013-01-31 00:00:00
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.7%
Related for GITLAB-FB5DEAC3C8BAB0472AE53730B3D107F4