6 matches found
Ruby on Rails Active Record 数据类型注入漏洞(CVE-2013-3221)
CVE ID:CVE-2013-3221 Ruby on Rails是一个使用Ruby语言所写的开源网络应用框架。 Ruby on Rails Active Record组件在对数据库列中输入值和存储值进行比较时,没有确保使用该数据库列所声明的数据类型,允许远程攻击者比较容易的通过特殊值对Ruby on Rails应用程序进行数据类型注入的攻击。如可通过"typed XML"特和Mysql数据库特殊的交互来利用此漏洞。 0 Ruby on Rails 2.3.x Ruby on Rails 3.0.x Ruby on Rails 3.1.x Ruby on Rails 3.2.x...
CVE-2013-3221
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...
CVE-2013-3221
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...
CVE-2013-3221
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...
CVE-2013-3221
CVE-2013-3221 involves the Active Record component of Ruby on Rails (versions 2.3.x, 3.0.x, 3.1.x, 3.2.x). The issue arises because the database column data type declared for a column is not consistently used when comparing input values to stored values, enabling data-type injection attacks. The ...
CVE-2013-3221
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...