Unsafe Query Generation Risk in Ruby on Rails
Published: October 24, 2017
SECURITY IDENTIFIERS
- CVE: CVE-2012-2660 (NVD)
- GHSA: GHSA-hgpp-pp89-4fgf
- Vendor Advisory: https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 6.4 (Medium)
PATCHED VERSIONS
~> 3.0.13
~> 3.1.5
>= 3.2.4
DESCRIPTION
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.
RELATED
- https://nvd.nist.gov/vuln/detail/CVE-2012-2660
- https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
- https://github.com/advisories/GHSA-hgpp-pp89-4fgf
- http://rhn.redhat.com/errata/RHSA-2013-0154.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html