5 matches found

OSV
added 2017/10/24 6:33 p.m., 53 views

GHSA-FH39-V733-MXFR Active Record vulnerable to SQL Injection via nested query parameters

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5 CVSS, 7.1 AI score, 0.00627 EPSS
Exploits: 3, References: 6

Github Security Blog
added 2017/10/24 6:33 p.m., 44 views

Active Record vulnerable to SQL Injection via nested query parameters

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5 CVSS, 5.7 AI score, 0.00627 EPSS
Exploits: 3, References: 7, Affected Software: 1

UbuntuCve
added 2013/03/19 10:55 p.m., 32 views

CVE-2013-1854

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method...

5 CVSS, 7.1 AI score, 0.01795 EPSS
Exploits: 0, References: 3

Cvelist
added 2013/03/19 10:0 p.m., 16 views

CVE-2013-1854

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method...

6.2 AI score, 0.01795 EPSS
Exploits: 0, References: 12

CVE
added 2013/01/04 2:0 a.m., 129 views

CVE-2012-6496

CVE-2012-6496 affects the Active Record component of Ruby on Rails. It describes an SQL injection vulnerability in Rails versions prior to 3.0.18 (3.0 line), 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.10, where crafted requests can exploit the incorrect behavior of dynamic find_by_ methods with...

7.5 CVSS, 8 AI score, 0.01017 EPSS
Exploits: 2, References: 9, Affected Software: 1