Contents

--- 
gem: activerecord
framework: rails
cve: 2013-0155
osvdb: 89025
url: https://nvd.nist.gov/vuln/detail/CVE-2013-0155
title: Ruby on Rails Active Record JSON Parameter Parsing Query Bypass 
date: 2013-01-08

description: |
  Ruby on Rails contains a flaw in the Active Record. The issue is due to an
  error with the way the Active Record handles parameters combined with an
  error during the parsing of the JSON parameters. This may allow a remote
  attacker to bypass restrictions abd issue unexpected database queries with
  "IS NULL" or empty where clauses, and forcing the query to unexpectedly check
  for NULL or eliminate a WHERE clause.

cvss_v2: 10.0

patched_versions: 
  - ~> 2.3.16
  - ~> 3.0.19
  - ~> 3.1.10
  - ">= 3.2.11"

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/gems/activerecord/CVE-2013-0155.yml