RubySec

Providing security resources for the Ruby community

CVE-2012-6496 (activerecord): Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass

Published: December 22, 2012

SECURITY IDENTIFIERS

GEM

activerecord

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v2.0: 6.4 (Medium)

PATCHED VERSIONS

~> 3.0.18
~> 3.1.9
>= 3.2.10

DESCRIPTION

Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL.
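As an added illustration (not Active Record's or Authlogic's code), the block below models the argument handling the description refers to with a simplified stand-in, then shows a check that rejects structured request parameters before they reach a finder. The stand-in finder, the helper names and the sample inputs are assumptions, not the framework's implementation.

```ruby
# Added illustration, not Active Record's own code: a simplified stand-in for the
# argument handling the advisory describes, followed by a defensive check.

# Mimics the Rails 3 dynamic finder convention (assumption: modelled on
# Array#extract_options!) where a trailing Hash argument is taken as finder
# options rather than as the value being searched for.
def split_finder_args(args)
  args = args.dup
  options = args.last.is_a?(Hash) ? args.pop : {}
  [args, options]
end

# Returns the plan a find_by_<attr>(*args) call would produce: the attribute
# value to match on, and any options that reached the finder. Options such as
# :select were interpolated into the query, which is the scope the advisory
# says crafted requests could control.
def finder_plan(attr, *args)
  values, options = split_finder_args(args)
  { where: { attr => values.first }, options: options }
end

class UnexpectedParamType < ArgumentError; end

# Mitigation: untrusted request parameters (query string, cookie, JSON or XML
# bodies) can be parsed into Hashes and Arrays; force them to a scalar before
# handing them to any finder.
def scalar_param!(value)
  case value
  when String, Integer, NilClass then value
  else raise UnexpectedParamType, "expected a scalar, got #{value.class}"
  end
end

# Safe lookup helper: validates the parameter, then calls the finder.
def find_by_token(value)
  finder_plan(:persistence_token, scalar_param!(value))
end

# Constructed sample inputs (not taken from any real request): a normal
# lookup, and what nested parameters such as token[select]=... parse to.
GOOD_PARAM   = "abc123"
NESTED_PARAM = { "select" => "<untrusted SQL fragment>" }

if __FILE__ == $PROGRAM_NAME
  p finder_plan(:persistence_token, GOOD_PARAM)    # options stay empty
  p finder_plan(:persistence_token, NESTED_PARAM)  # the hash lands in :options
  begin
    find_by_token(NESTED_PARAM)
  rescue UnexpectedParamType => e
    puts "rejected: #{e.message}"
  end
end
```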