11 matches found
EUVD-2022-6218
Malicious code in bioql PyPI...
openSUSE 15 Security Update : rubygem-activerecord-5.2 (openSUSE-SU-2023:0009-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0009-1 advisory. - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which...
OPENSUSE-SU-2023:0009-1 Security update for rubygem-activerecord-5.2
This update for rubygem-activerecord-5.2 fixes the following issues: - CVE-2022-32224: Fixed possible remote code execution when using YAML serialized columns in Active Record boo1201465...
CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...
DEBIAN-CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...
UBUNTU-CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...
CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...
CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...
CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...
CVE-2022-32224
CVE-2022-32224 : Rails/ActiveRecord YAML deserialization issue. YAML-serialized columns can be deserialized with YAML.unsafe_load, enabling an attacker who can manipulate data in the database (e.g., via SQL injection) to escalate to remote code execution (RCE). Affected Rails/ActiveRecord version...
PT-2022-21161 · Ruby +4 · Ruby On Rails +4
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 7.0.3.1 Ruby on Rails versions prior to 6.1.6.1 Ruby on Rails versions prior to 6.0.5.1 Ruby on Rails versions prior to 5.2.8.1 Description: A possible escalation to remote code execution RCE exists when using...