Lucene search
Redhat.comRH:CVE-2016-6317HistoryAug 12, 2016 - 6:18 a.m.
CVE-2016-6317
2016-08-1206:18:38
redhat.com
access.redhat.com
24
0.003 Low
EPSS
Percentile
69.3%
A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application.
Related
openvas
openvas
Ruby on Rails Active Record SQL Injection Vulnerability - Windows
2016-10-13 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2016-f58d7ecc8a
2016-08-30 00:00:00
Ruby on Rails Active Record SQL Injection Vulnerability - Linux
2016-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: rubygem-activerecord-4.2.5.2-2.fc24
2016-08-29 18:58:41
[SECURITY] Fedora 24 Update: rubygem-actionpack-4.2.5.2-3.fc24
2016-08-29 18:58:41
[SECURITY] Fedora 23 Update: rubygem-actionpack-4.2.3-6.fc23
2016-08-29 21:24:01
nessus
nessus
redhat
redhat
(RHSA-2016:1855) Moderate: rh-ror42 security update
2016-09-13 09:49:49
cvelist
cvelist
CVE-2016-6317
2016-09-07 19:00:00
gitlab
gitlab
Unsafe Query Generation Risk
2016-09-07 00:00:00
osv
osv
ActiveRecord in Ruby on Rails allows database-query bypass
2017-10-24 18:33:35
debiancve
debiancve
CVE-2016-6317
2016-09-07 19:28:11
cve
cve
CVE-2016-6317
2016-09-07 19:28:11
nvd
nvd
CVE-2016-6317
2016-09-07 19:28:11
github
github
ActiveRecord in Ruby on Rails allows database-query bypass
2017-10-24 18:33:35
prion
prion
Design/Logic Flaw
2016-09-07 19:28:00
ubuntucve
ubuntucve
CVE-2016-6317
2016-09-07 00:00:00
freebsd
freebsd
Rails 4 -- Unsafe Query Generation Risk in Active Record
2016-08-11 00:00:00
hackerone
hackerone