Description
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | contains no code |
| hardy | not-affected | |
| lucid | not-affected | |
| natty | not-affected | |
| oneiric | not-affected | contains no code |
| precise | not-affected | contains no code |
| upstream | released | 3.2.4, 3.1.5, 3.0.13 |

| Release | Status | Note |
|---|---|---|
| devel | not-affected | |
| hardy | DNE | |
| lucid | DNE | |
| natty | DNE | |
| oneiric | not-affected | |
| precise | not-affected | |
| upstream | not-affected | |
Source links
EPSS
CVSS2: 5 Medium
Related vulnerabilities
Active Record vulnerable to SQL Injection via nested query parameters