Description
Security update for rubygem-activerecord-5.2
This update for rubygem-activerecord-5.2 fixes the following issues:
- CVE-2022-32224: Fixed possible remote code execution when using YAML serialized columns in Active Record (boo#1201465).
Package list
SUSE Package Hub 15 SP4
ruby2.5-rubygem-activerecord-5.2-5.2.3-bp154.2.3.1
ruby2.5-rubygem-activerecord-doc-5.2-5.2.3-bp154.2.3.1
openSUSE Leap 15.4
ruby2.5-rubygem-activerecord-5.2-5.2.3-bp154.2.3.1
ruby2.5-rubygem-activerecord-doc-5.2-5.2.3-bp154.2.3.1
References
- E-Mail link for openSUSE-SU-2023:0009-1
- SUSE Security Ratings
- SUSE Bug 1201465
- SUSE CVE CVE-2022-32224 page
Description
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1, which could allow an attacker who can manipulate data in the database (via means like SQL injection) to escalate to an RCE.
Affected products
SUSE Package Hub 15 SP4:ruby2.5-rubygem-activerecord-5.2-5.2.3-bp154.2.3.1
SUSE Package Hub 15 SP4:ruby2.5-rubygem-activerecord-doc-5.2-5.2.3-bp154.2.3.1
openSUSE Leap 15.4:ruby2.5-rubygem-activerecord-5.2-5.2.3-bp154.2.3.1
openSUSE Leap 15.4:ruby2.5-rubygem-activerecord-doc-5.2-5.2.3-bp154.2.3.1
References
- CVE-2022-32224
- SUSE Bug 1201465