6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
71.3%
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary IS NULL
clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for NULL
in arbitrary places.
CPE | Name | Operator | Version |
---|---|---|---|
gem/activerecord | ge | 3.0.0 | |
gem/activerecord | lt | 3.0.13 | |
gem/activerecord | ge | 3.1.0 | |
gem/activerecord | lt | 3.1.5 | |
gem/activerecord | ge | 3.2.0 | |
gem/activerecord | lt | 3.2.4 |