Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-458067D17304B1F214D926D8775EF9E6HistoryJun 22, 2012 - 12:00 a.m.
SQL Injection
2012-06-2200:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
16
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
71.3%
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary IS NULL clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for NULL in arbitrary places.
Affected configurations
Node
gemactiverecordRange3.0.0≥
ORgemactiverecordRange<3.0.13
ORgemactiverecordRange3.1.0≥
ORgemactiverecordRange<3.1.5
ORgemactiverecordRange3.2.0≥
ORgemactiverecordRange<3.2.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| gem/activerecord | ge | 3.0.0 | |
| gem/activerecord | lt | 3.0.13 | |
| gem/activerecord | ge | 3.1.0 | |
| gem/activerecord | lt | 3.1.5 | |
| gem/activerecord | ge | 3.2.0 | |
| gem/activerecord | lt | 3.2.4 |
Related
nessus
nessus
Fedora 16 : rubygem-actionpack-3.0.10-6.fc16 (2012-8883)
2012-06-15 00:00:00
Fedora 17 : rubygem-actionpack-3.0.11-4.fc17 (2012-8868)
2012-06-15 00:00:00
Fedora 15 : rubygem-actionpack-3.0.5-8.fc15 (2012-8912)
2012-06-18 00:00:00
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2012-8868
2012-08-30 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2012-8868
2012-08-30 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2012-9606
2012-08-30 00:00:00
silentrobots
silentrobots
Searching Through Git Commits
2014-10-06 04:00:00
Searching Through Git Commits
2014-10-06 04:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-4.fc17
2012-06-15 00:24:01
[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-5.fc17
2012-06-30 08:25:56
[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-6.fc17
2012-08-09 23:18:43
rubygems
rubygems
Unsafe Query Generation Risk in Ruby on Rails
2017-10-23 21:00:00
CVE-2012-2660 rubygem-actionpack: Unsafe query generation
2012-05-30 20:00:00
ubuntucve
ubuntucve
cvelist
cvelist
gitlab
gitlab
Moderate severity vulnerability that affects actionpack
2017-10-24 00:00:00
Moderate severity vulnerability that affects actionpack
2017-10-24 00:00:00
Unsafe Query Generation Risk
2016-09-07 00:00:00
osv
osv
github
github
Action Pack contains database-query restrictions bypass
2017-10-24 18:33:38
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
2017-10-24 18:33:38
Moderate severity vulnerability that affects activerecord
2018-08-13 20:49:01
veracode
veracode
Database-query Authentication Bypass
2019-01-15 08:53:36
cve
cve
nvd
nvd
freebsd
freebsd
rubygem-activerecord -- multiple vulnerabilities
2012-05-31 00:00:00
Rails 4 -- Unsafe Query Generation Risk in Active Record
2016-08-11 00:00:00
suse
suse
Security update for rubygem-actionpack (important)
2012-08-21 20:08:29
rubygem-actionpack/activerecord-2_3 (important)
2012-08-09 18:08:34
Security update for rubygem-actionpack (important)
2012-08-21 19:08:38
prion
prion
Race condition
2012-06-22 14:55:00
Race condition
2012-06-22 14:55:00
Design/Logic Flaw
2013-01-13 22:55:00
debiancve
debiancve
CVE-2013-0155
2013-01-13 22:55:00
CVE-2016-6317
2016-09-07 19:28:11
hackerone
hackerone
ibm
ibm
redhat
redhat
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
71.3%
Related for GITLAB-458067D17304B1F214D926D8775EF9E6