actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails
before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not
properly consider differences in parameter handling between the
Active Record component and the Rack interface, which allows remote
attackers to bypass intended database-query restrictions and perform
NULL checks via a crafted request, as demonstrated by certain
“[‘xyz’, nil]” values, a related issue to CVE-2012-2660.

CPENameOperatorVersion
actionpackle3.0.13
actionpackge3.1.0
actionpackle3.1.5
actionpackge3.2.0
actionpacklt3.2.6

Name	Operator	Version
actionpack	le	3.0.13
actionpack	ge	3.1.0
actionpack	le	3.1.5
actionpack	ge	3.2.0
actionpack	lt	3.2.6

References

groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ

fedora 12

nessus 11

silentrobots 2

openvas 28

gitlab 4

ubuntucve 4

suse 4

prion 4

veracode 1

osv 4

github 5

cve 4

freebsd 2

rubygems 3

debiancve 2

hackerone 1

ibm 1

redhat 2

fedora

[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-4.fc17

2012-06-15 00:24:01

[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-5.fc17

2012-06-30 08:25:56

[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-6.fc17

2012-08-09 23:18:43

nessus

Fedora 17 : rubygem-actionpack-3.0.11-4.fc17 (2012-8868)

2012-06-15 00:00:00

Fedora 16 : rubygem-actionpack-3.0.10-6.fc16 (2012-8883)

2012-06-15 00:00:00

Fedora 15 : rubygem-actionpack-3.0.5-8.fc15 (2012-8912)

2012-06-18 00:00:00

silentrobots

Searching Through Git Commits

2014-10-06 04:00:00

Searching Through Git Commits

2014-10-06 04:00:00

openvas

Fedora Update for rubygem-actionpack FEDORA-2012-8868

2012-08-30 00:00:00

Fedora Update for rubygem-actionpack FEDORA-2012-8868

2012-08-30 00:00:00

Fedora Update for rubygem-actionpack FEDORA-2012-9606

2012-08-30 00:00:00

gitlab

SQL Injection

2012-06-22 00:00:00

Moderate severity vulnerability that affects actionpack

2017-10-24 00:00:00

Moderate severity vulnerability that affects actionpack

2017-10-24 00:00:00

ubuntucve

CVE-2012-2694

2012-06-22 00:00:00

CVE-2012-2660

2012-06-22 00:00:00

CVE-2013-0155

2013-01-13 00:00:00

suse

Security update for rubygem-actionpack (important)

2012-08-21 20:08:29

rubygem-actionpack/activerecord-2_3 (important)

2012-08-09 18:08:34

Security update for rubygem-activerecord (important)

2012-08-21 20:08:28

prion

Race condition

2012-06-22 14:55:00

Race condition

2012-06-22 14:55:00

Design/Logic Flaw

2013-01-13 22:55:00

veracode

Database-query Authentication Bypass

2019-01-15 08:53:36

osv

Action Pack contains database-query restrictions bypass

2017-10-24 18:33:38

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

2017-10-24 18:33:38

Active Record allows bypassing of database-query restrictions

2017-10-24 18:33:37

github

Action Pack contains database-query restrictions bypass

2017-10-24 18:33:38

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

2017-10-24 18:33:38

Moderate severity vulnerability that affects activerecord

2018-08-13 20:49:01

cve

CVE-2012-2694

2012-06-22 14:55:00

CVE-2012-2660

2012-06-22 14:55:00

CVE-2013-0155

2013-01-13 22:55:00

freebsd

rubygem-activerecord -- multiple vulnerabilities

2012-05-31 00:00:00

Rails 4 -- Unsafe Query Generation Risk in Active Record

2016-08-11 00:00:00

rubygems

CVE-2012-2660 rubygem-actionpack: Unsafe query generation

2012-05-30 20:00:00

CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

2013-01-07 20:00:00

Unsafe Query Generation Risk in Active Record

2016-08-10 21:00:00

debiancve

CVE-2013-0155

2013-01-13 22:55:00

CVE-2016-6317

2016-09-07 19:28:00

hackerone

Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass

2016-05-17 13:38:03

ibm

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

2021-01-25 20:13:51

redhat

(RHSA-2013:0154) Critical: Ruby on Rails security update

2013-01-10 20:37:00

(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update

2013-02-28 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for RUBY:ACTIONPACK-2012-2694