Уязвимость CVE-2013-0155

Пакет	Статус	Версия исправления	Тип
ruby-activerecord-3.2	fixed	3.2.6-4	package
ruby-activerecord-2.3	fixed	2.3.14-4	package
ruby-actionpack-3.2	fixed	3.2.6-5	package
rails	fixed	2.3.14.1	package

CVE-2013-0155

ubuntu

около 13 лет назад

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.

CVE-2013-0155

redhat

около 13 лет назад

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.

CVE-2013-0155

nvd

около 13 лет назад

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.

GHSA-gppp-5xc5-wfpx

github

больше 8 лет назад

Active Record allows bypassing of database-query restrictions

exploitDog

CVE-2013-0155

Описание

Пакеты

Примечания

Связанные уязвимости