30 matches found

Veracode
added 2019/01/15 8:53 a.m. | 48 views

Database-query Authentication Bypass

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 | AI score 7.2 | EPSS 0.046
Exploits 3 | References 17 | Affected Software 43

OSV
added 2017/10/24 6:33 p.m. | 45 views

GHSA-HGPP-PP89-4FGF Action Pack contains database-query restrictions bypass

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to...

CVSS 6.4 | AI score 7.4 | EPSS 0.046
Exploits 1 | References 13

GitHub Security Blog
added 2017/10/24 6:33 p.m. | 54 views

Action Pack contains database-query restrictions bypass

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to...

CVSS 6.4 | AI score 7.4 | EPSS 0.046
Exploits 1 | References 13 | Affected Software 1

RubySec
added 2017/10/24 12:0 a.m. | 32 views

Unsafe Query Generation Risk in Ruby on Rails

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 | AI score 7.1 | EPSS 0.046
Exploits 3 | References 1 | Affected Software 1

RubySec
added 2016/08/11 12:0 a.m. | 57 views

Unsafe Query Generation Risk in Active Record

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact: Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...

CVSS 7.5 | AI score 2.1 | EPSS 0.05673
Exploits 4 | References 1 | Affected Software 1

Hacker One
added 2016/05/17 1:38 p.m. | 62 views

Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass

Unsafe Query Generation Risk in Active Record. There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...

CVSS 6.4 | AI score 7.9 | EPSS 0.05673
Exploits 4

Tenable Nessus
added 2014/06/13 12:0 a.m. | 51 views

openSUSE Security Update : rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)

3 security issues were fixed in rails 2.3 core components. 2 NULL query issues were fixed in the actionpack gem. 1 SQL injection was fixed in the activerecord gem. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVSS 7.5 | AI score 7.4 | EPSS 0.046
Exploits 4 | References 6

Tenable Nessus
added 2014/06/13 12:0 a.m. | 53 views

openSUSE Security Update : rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc (openSUSE-SU-2012:1066-1)

Multiple version upgrades for rails components. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-536. The text description of this plugin is (C) SUSE LLC...

CVSS 7.5 | AI score 7.7 | EPSS 0.046
Exploits 7 | References 6

OpenVAS
added 2013/04/02 12:0 a.m. | 36 views

Fedora Update for rubygem-actionpack FEDORA-2013-4199

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2013 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)

CVSS 6.4 | AI score 7.8 | EPSS 0.05673
Exploits 8 | References 2

RedHat Linux
added 2013/02/28 6:53 p.m. | 5 views

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

CVSS 6.4 | AI score 7.2 | EPSS 0.05673
Exploits 1 | References 4

OpenVAS
added 2013/01/24 12:0 a.m. | 38 views

Fedora Update for rubygem-actionpack FEDORA-2013-0686

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2013 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)

CVSS 7.5 | AI score 8.2 | EPSS 0.99449
Exploits 28 | References 2

OpenVAS
added 2013/01/24 12:0 a.m. | 44 views

Fedora Update for rubygem-actionpack FEDORA-2013-0635

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2013 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)

CVSS 7.5 | AI score 8.2 | EPSS 0.99449
Exploits 28 | References 2

Prion
added 2013/01/13 10:55 p.m. | 51 views

Design/Logic Flaw

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

CVSS 6.4 | AI score 6.8 | EPSS 0.05673
Exploits 4 | References 12 | Affected Software 3

RedHat Linux
added 2013/01/10 8:39 p.m. | 4 views

rubygem-actionpack: Unsafe query generation

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 | AI score 7.2 | EPSS 0.046
Exploits 1 | References 4

RedHat Linux
added 2012/12/04 7:24 p.m. | 3 views

rubygem-actionpack: Unsafe query generation

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 | AI score 7.2 | EPSS 0.046
Exploits 1 | References 4

OpenVAS
added 2012/08/30 12:0 a.m. | 55 views

Fedora Update for rubygem-actionpack FEDORA-2012-9606

Check for the Version of rubygem-actionpack. OpenVAS Vulnerability Test: Fedora Update for rubygem-actionpack FEDORA-2012-9606. Authors: System Generated Check. Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...

CVSS 6.4 | AI score 0.1 | EPSS 0.046
Exploits 3 | References 2

OpenVAS
added 2012/08/30 12:0 a.m. | 35 views

Fedora Update for rubygem-actionpack FEDORA-2012-9606

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2012 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)

CVSS 6.4 | AI score 7.6 | EPSS 0.046
Exploits 3 | References 2

OpenVAS
added 2012/08/30 12:0 a.m. | 44 views

Fedora Update for rubygem-actionpack FEDORA-2012-11885

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2012 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)

CVSS 5 | AI score 7.8 | EPSS 0.02568
Exploits 3 | References 2

OpenVAS
added 2012/08/30 12:0 a.m. | 49 views

Fedora Update for rubygem-actionpack FEDORA-2012-11363

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2012 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)

CVSS 5 | AI score 7.7 | EPSS 0.01905
Exploits 1 | References 2

OpenVAS
added 2012/08/24 12:0 a.m. | 45 views

Fedora Update for rubygem-actionpack FEDORA-2012-11870

Check for the Version of rubygem-actionpack. OpenVAS Vulnerability Test: Fedora Update for rubygem-actionpack FEDORA-2012-11870. Authors: System Generated Check. Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...

CVSS 6.4 | AI score 0.1 | EPSS 0.046
Exploits 6 | References 2