CVE-2012-6496

Опубликовано: 21 дек. 2012

Источник: redhat

CVSS2: 6.4

EPSS Низкий

Описание

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
OpenShift Enterprise 1	ruby-rubygem-activerecord	Affected
Red Hat CloudForms Tools 1	rubygem-activerecord	Will not fix
CloudForms for RHEL 6	rubygem-actionpack	Fixed	RHSA-2013:0155	10.01.2013
CloudForms for RHEL 6	rubygem-activerecord	Fixed	RHSA-2013:0155	10.01.2013
CloudForms for RHEL 6	rubygem-activesupport	Fixed	RHSA-2013:0155	10.01.2013
Red Hat Subscription Asset Manager 1.1	rubygem-actionpack	Fixed	RHSA-2013:0154	10.01.2013
Red Hat Subscription Asset Manager 1.1	rubygem-activerecord	Fixed	RHSA-2013:0154	10.01.2013
Red Hat Subscription Asset Manager 1.1	rubygem-activesupport	Fixed	RHSA-2013:0154	10.01.2013
RHEL 6 Version of OpenShift Enterprise	jenkins	Fixed	RHSA-2013:0220	31.01.2013
RHEL 6 Version of OpenShift Enterprise	mongodb	Fixed	RHSA-2013:0220	31.01.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-89

https://bugzilla.redhat.com/show_bug.cgi?id=889649rubygem-activerecord: find_by_* SQL Injection

EPSS

Процентиль: 84%

0.02213

Низкий

6.4 Medium

CVSS2

Связанные уязвимости

CVE-2012-6496

ubuntu

около 13 лет назад

CVE-2012-6496

nvd

около 13 лет назад

CVE-2012-6496

debian

около 13 лет назад

SQL injection vulnerability in the Active Record component in Ruby on ...

GHSA-gh2w-j7cx-2664

github

больше 8 лет назад

Active Record contains SQL Injection

EPSS

Процентиль: 84%

0.02213

Низкий

6.4 Medium

CVSS2