GHSA-rx7j-mw4c-76g9

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

Описание

Authlogic Information Exposure vulnerability

The Authlogic gem for Ruby on Rails prior to version 3.3.0 makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.

Ссылки

Пакеты

Наименование

authlogic

rubygems

Затронутые версииВерсия исправления

< 3.3.0

3.3.0

EPSS

Процентиль: 60%

0.004

Низкий

CVE ID

CVE-2012-6497

Дефекты

CWE-200

Связанные уязвимости

CVE-2012-6497

nvd

около 13 лет назад

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.

CVE-2012-6497

debian

около 13 лет назад

The Authlogic gem for Ruby on Rails, when used with certain versions b ...

EPSS

Процентиль: 60%

0.004

Низкий

CVE ID

CVE-2012-6497

Дефекты

CWE-200