CVSS2: 7.5 High

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.973 High (Percentile: 99.9%)

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | gem/actionpack | lt | 2.3.15 |
| | gem/actionpack | ge | 2.4.0 |
| | gem/actionpack | lt | 3.0.19 |
| | gem/actionpack | ge | 3.1.0 |
| | gem/actionpack | lt | 3.1.10 |
| | gem/actionpack | ge | 3.2.0 |
| | gem/actionpack | lt | 3.2.11 |