Ruby on Rails结合JSON参数解析使用Active Record解释参数时，攻击者可以发送带有"IS NULL"的意外数据库查询或清空where语句。
0
Ruby on Rails Ruby on Rails 3.x
Ruby on Rails Ruby on Rails 2.3.x
厂商补丁：

Ruby on Rails

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://www.rubyonrails.com/

openvas 44

nessus 17

gitlab 3

debian 1

rubygems 3

prion 3

ics 1

debiancve 3

osv 3

cve 3

github 4

fedora 18

veracode 1

ubuntucve 3

freebsd 2

hackerone 1

redhat 5

suse 5

ibm 1

gentoo 1

securityvulns 2

openvas

Debian Security Advisory DSA 2609-1 (rails - SQL query manipulation)

2013-01-16 00:00:00

Debian: Security Advisory (DSA-2609-1)

2013-01-15 00:00:00

Fedora Update for rubygem-activemodel FEDORA-2013-0686

2013-01-24 00:00:00

nessus

Debian DSA-2609-1 : rails - SQL query manipulation

2013-01-17 00:00:00

FreeBSD : rubygem-rails -- multiple vulnerabilities (ca5d3272-59e3-11e2-853b-00262d5ed8ee)

2013-01-09 00:00:00

Fedora 18 : rubygem-actionpack-3.2.8-2.fc18 / rubygem-activerecord-3.2.8-3.fc18 / etc (2013-0568)

2013-01-21 00:00:00

gitlab

Unsafe Query Generation Risk in Ruby on Rails

2013-01-13 00:00:00

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

2013-12-06 00:00:00

Unsafe Query Generation Risk

2016-09-07 00:00:00

debian

[SECURITY] [DSA 2609-1] rails security update

2013-01-16 21:17:01

rubygems

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

2013-12-02 20:00:00

CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

2013-01-07 20:00:00

Unsafe Query Generation Risk in Active Record

2016-08-10 21:00:00

prion

Design/Logic Flaw

2013-12-07 00:55:00

Design/Logic Flaw

2013-01-13 22:55:00

Design/Logic Flaw

2016-09-07 19:28:00

ics

Wonderware Intelligence Tableau Server Ruby on Rails Improper Input Validation (Update A)

2013-02-21 00:00:00

debiancve

CVE-2013-6417

2013-12-07 00:55:00

CVE-2013-0155

2013-01-13 22:55:00

CVE-2016-6317

2016-09-07 19:28:00

osv

actionpack allows bypass of database-query restrictions

2017-10-24 18:33:36

Active Record allows bypassing of database-query restrictions

2017-10-24 18:33:37

ActiveRecord in Ruby on Rails allows database-query bypass

2017-10-24 18:33:35

cve

CVE-2013-6417

2013-12-07 00:55:00

CVE-2013-0155

2013-01-13 22:55:00

CVE-2016-6317

2016-09-07 19:28:00

github

actionpack allows bypass of database-query restrictions

2017-10-24 18:33:36

Moderate severity vulnerability that affects activerecord

2018-08-13 20:49:01

Active Record allows bypassing of database-query restrictions

2017-10-24 18:33:37

fedora

[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-2.fc18

2013-01-20 03:40:48

[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-2.fc16

2013-01-23 01:34:00

[SECURITY] Fedora 18 Update: rubygem-actionpack-3.2.8-2.fc18

2013-01-20 03:40:48

veracode

Database Authorization Bypass

2019-01-15 09:01:52

ubuntucve

CVE-2013-6417

2013-12-07 00:00:00

CVE-2013-0155

2013-01-13 00:00:00

CVE-2016-6317

2016-09-07 00:00:00

freebsd

rubygem-rails -- multiple vulnerabilities

2013-01-08 00:00:00

Rails 4 -- Unsafe Query Generation Risk in Active Record

2016-08-11 00:00:00

hackerone

Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass

2016-05-17 13:38:03

redhat

(RHSA-2013:1794) Important: ruby193-rubygem-actionpack security update

2013-12-05 00:00:00

(RHSA-2014:0008) Important: ruby193-rubygem-actionpack security update

2014-01-06 00:00:00

(RHSA-2013:0154) Critical: Ruby on Rails security update

2013-01-10 20:37:00

suse

ruby on rails to 2.3.16 (important)

2013-02-12 10:10:39

ruby on rails to 2.3.16 (important)

2013-02-12 11:04:29

Security update for Ruby on Rails (important)

2013-04-03 20:06:19

ibm

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

2021-01-25 20:13:51

gentoo

Ruby on Rails: Multiple vulnerabilities

2014-12-14 00:00:00

securityvulns

Apple Mac OS X multiple security vulnerabilities

2013-06-17 00:00:00

APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002

2013-06-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.004 Low

EPSS

Percentile

69.6%

JSON

Related for SSV:60567