Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Back

---
gem: mysql-binuuid-rails
date: 2018-10-19
url: https://gist.github.com/viraptor/881276ea61e8d56bac6e28454c79f1e6
cve: 2018-18476
title: mysql-binuuid-rails allows SQL Injection by removing default string escaping
description: |
  mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes
  default string escaping for affected database columns. ActiveRecord does not
  explicitly escape the Binary data type (Type::Binary::Data) for mysql.
  mysql-binuuid-rails uses a data type that is derived from the base Binary
  type, except, it doesn’t convert the value to hex. Instead, it assumes the
  string value provided is a valid hex string and doesn’t do any checks on it.
patched_versions:
- ">= 1.1.1"
related:
  url: '["https://github.com/nedap/mysql-binuuid-rails/pull/18"]'