Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2012-6497

Опубликовано: 04 янв. 2013
Источник: debian
EPSS Низкий

Описание

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby-activerecord-3.2fixed3.2.6-3package
ruby-activerecord-2.3fixed2.3.14-3package
railsfixed2.3.14.1package

Примечания

  • Starting with 2.3.14.1 rails is a transition package

EPSS

Процентиль: 60%
0.004
Низкий

Связанные уязвимости

nvd логотип

CVE-2012-6497

nvd
около 13 лет назад

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.

github логотип

GHSA-rx7j-mw4c-76g9

github
больше 3 лет назад

Authlogic Information Exposure vulnerability

EPSS

Процентиль: 60%
0.004
Низкий