Sha256: b0327a71dc5a07f3a4325df637d1ed3a2fc72ffe66748922da26b1b4eb340d3f
Contents?: true
Size: 637 Bytes
Versions: 2
Compression:
Stored size: 637 Bytes
Contents
--- url: http://osvdb.org/show/osvdb/89025 title: | Ruby on Rails Active Record JSON Parameter Parsing Query Bypass description: | Ruby on Rails contains a flaw in the Active Record. The issue is due to an error with the way the Active Record handles parameters combined with an error during the parsing of the JSON parameters. This may allow a remote attacker to bypass restrictions abd issue unexpected database queries with "IS NULL" or empty where clauses, and forcing the query to unexpectedly check for NULL or eliminate a WHERE clause. cvss_v2: 10.0 patched_versions: - ~> 3.0.19 - ~> 3.1.10 - ">= 3.2.11"
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.1.1 | data/bundler/audit/rails/2013-0155.yml |
| bundler-audit-0.1.0 | data/bundler/audit/rails/2013-0155.yml |