Sha256: 234584cad610d3bd904eaf1b55b03cefc332e59f10f372c5013ea49048d1afe3

Contents?: true

Size: 679 Bytes

Versions: 14

Compression:

Stored size: 679 Bytes

Contents

--- 
gem: activerecord
framework: rails
cve: 2012-2660
osvdb: 82610
url: http://www.osvdb.org/show/osvdb/82610
title:
  Ruby on Rails ActiveRecord Class Rack Query Parameter Parsing SQL Query
  Arbitrary IS NULL Clause Injection
date: 2012-05-31

description: |
  Ruby on Rails contains a flaw related to the way ActiveRecord handles
  parameters in conjunction with the way Rack parses query parameters.
  This issue may allow an attacker to inject arbitrary 'IS NULL' clauses in
  to application SQL queries. This may also allow an attacker to have the
  SQL query check for NULL in arbitrary places.

cvss_v2: 7.5

patched_versions: 
  - ~> 3.0.13
  - ~> 3.1.5
  - ">= 3.2.4"

Version data entries

14 entries across 14 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/activerecord/OSVDB-82610.yml