Lucene search
K

6 matches found

seebug.org
seebug.org
added 2013/04/24 12:0 a.m.29 views

Ruby on Rails Active Record 数据类型注入漏洞(CVE-2013-3221)

CVE ID:CVE-2013-3221 Ruby on Rails是一个使用Ruby语言所写的开源网络应用框架。 Ruby on Rails Active Record组件在对数据库列中输入值和存储值进行比较时,没有确保使用该数据库列所声明的数据类型,允许远程攻击者比较容易的通过特殊值对Ruby on Rails应用程序进行数据类型注入的攻击。如可通过"typed XML"特和Mysql数据库特殊的交互来利用此漏洞。 0 Ruby on Rails 2.3.x Ruby on Rails 3.0.x Ruby on Rails 3.1.x Ruby on Rails 3.2.x...

6.4CVSS6.6AI score0.01946EPSS
Exploits2
NVD
NVD
added 2013/04/22 3:27 a.m.30 views

CVE-2013-3221

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

6.4CVSS6.4AI score0.01946EPSS
Exploits2References6
OSV
OSV
added 2013/04/22 3:27 a.m.7 views

CVE-2013-3221

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

6.3AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2013/04/22 3:27 a.m.17 views

CVE-2013-3221

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

6.4CVSS7.1AI score0.01946EPSS
Exploits2References5
CVE
CVE
added 2013/04/22 1:0 a.m.76 views

CVE-2013-3221

CVE-2013-3221 involves the Active Record component of Ruby on Rails (versions 2.3.x, 3.0.x, 3.1.x, 3.2.x). The issue arises because the database column data type declared for a column is not consistently used when comparing input values to stored values, enabling data-type injection attacks. The ...

6.4CVSS6.6AI score0.01946EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2013/04/22 1:0 a.m.26 views

CVE-2013-3221

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

6.3AI score0.01946EPSS
Exploits2References6
Rows per page
Query Builder