Sha256: 40694608d8886c13cb9b0315b685e8eec2e60c7e684b1eae83a5fbd79f82309c
Contents?: true
Size: 688 Bytes
Versions: 1
Compression:
Stored size: 688 Bytes
Contents
--- gem: activerecord framework: rails cve: 2012-2660 osvdb: 82610 url: https://nvd.nist.gov/vuln/detail/CVE-2012-2660 title: Ruby on Rails ActiveRecord Class Rack Query Parameter Parsing SQL Query Arbitrary IS NULL Clause Injection date: 2012-05-31 description: | Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary 'IS NULL' clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for NULL in arbitrary places. cvss_v2: 7.5 patched_versions: - ~> 3.0.13 - ~> 3.1.5 - ">= 3.2.4"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/activerecord/CVE-2012-2660.yml |