Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-6317

Опубликовано: 07 сент. 2016
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:4.2.7:rc1:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00381
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

ubuntu логотип

CVE-2016-6317

CVSS3: 7.5
ubuntu
больше 9 лет назад

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

redhat логотип

CVE-2016-6317

CVSS3: 5.3
redhat
больше 9 лет назад

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

debian логотип

CVE-2016-6317

CVSS3: 7.5
debian
больше 9 лет назад

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly ...

github логотип

GHSA-pr3r-4wrp-r2pv

CVSS3: 7.5
github
больше 8 лет назад

ActiveRecord in Ruby on Rails allows database-query bypass

EPSS

Процентиль: 59%
0.00381
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284