CVE-2018-18476 (mysql-binuuid-rails): mysql-binuuid-rails allows SQL Injection by removing default string escaping

mysql-binuuid-rails allows SQL Injection by removing default string escaping

Published: October 19, 2018

SECURITY IDENTIFIERS

CVE: CVE-2018-18476 (NVD)
GHSA: GHSA-6j63-35hj-vmcg
Vendor Advisory: https://gist.github.com/viraptor/881276ea61e8d56bac6e28454c79f1e6

GEM

mysql-binuuid-rails

SEVERITY

CVSS v3.x: 9.8 (Critical)

PATCHED VERSIONS

>= 1.1.1

DESCRIPTION

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. ActiveRecord does not explicitly escape the Binary data type (Type::Binary::Data) for mysql. mysql-binuuid-rails uses a data type that is derived from the base Binary type, except, it doesn’t convert the value to hex. Instead, it assumes the string value provided is a valid hex string and doesn’t do any checks on it.

https://github.com/nedap/mysql-binuuid-rails/pull/18

RubySec