| 0 |
| url |
VCID-1mc1-zb64-yued |
| vulnerability_id |
VCID-1mc1-zb64-yued |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.3.11 |
| purl |
pkg:gem/activerecord@2.3.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.11 |
|
| 1 |
| url |
pkg:gem/activerecord@3.0.4 |
| purl |
pkg:gem/activerecord@3.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.4 |
|
| 2 |
| url |
pkg:gem/activerecord@3.0.5.rc1 |
| purl |
pkg:gem/activerecord@3.0.5.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.5.rc1 |
|
|
| aliases |
CVE-2011-0448, GHSA-jmm9-2p29-vh2w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1mc1-zb64-yued |
|
| 1 |
| url |
VCID-1r7t-2v3e-bqa9 |
| vulnerability_id |
VCID-1r7t-2v3e-bqa9 |
| summary |
Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-3221, GHSA-f57c-hx33-hvh8
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| url |
VCID-7e6a-35vx-6ygj |
| vulnerability_id |
VCID-7e6a-35vx-6ygj |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.2.0 |
| purl |
pkg:gem/activerecord@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7e6a-35vx-6ygj |
|
| 3 |
| url |
VCID-7vmk-ju1s-6qf2 |
| vulnerability_id |
VCID-7vmk-ju1s-6qf2 |
| summary |
SQL Injection in Active Record
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/activerecord@4.0.0 |
| purl |
pkg:gem/activerecord@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-7yfa-c4dx-xfd3 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.0 |
|
|
| aliases |
CVE-2014-3482, GHSA-mhwp-qhpc-h3jm, OSV-108664
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| url |
VCID-8n6u-hbhg-7qdx |
| vulnerability_id |
VCID-8n6u-hbhg-7qdx |
| summary |
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.3.9 |
| purl |
pkg:gem/activerecord@2.3.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.9 |
|
| 1 |
| url |
pkg:gem/activerecord@2.3.10 |
| purl |
pkg:gem/activerecord@2.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.10 |
|
| 2 |
| url |
pkg:gem/activerecord@3.0.1 |
| purl |
pkg:gem/activerecord@3.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.1 |
|
|
| aliases |
CVE-2010-3933, GHSA-gjxw-5w2q-7grf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8n6u-hbhg-7qdx |
|
| 5 |
| url |
VCID-cce9-3g2x-h3dt |
| vulnerability_id |
VCID-cce9-3g2x-h3dt |
| summary |
SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.3.14 |
| purl |
pkg:gem/activerecord@2.3.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.14 |
|
| 1 |
| url |
pkg:gem/activerecord@3.0.13 |
| purl |
pkg:gem/activerecord@3.0.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 15 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13 |
|
| 2 |
| url |
pkg:gem/activerecord@3.1.0.beta1 |
| purl |
pkg:gem/activerecord@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/activerecord@3.1.5 |
| purl |
pkg:gem/activerecord@3.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 12 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 13 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 14 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 15 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 16 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5 |
|
| 4 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 5 |
| url |
pkg:gem/activerecord@3.2.4 |
| purl |
pkg:gem/activerecord@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 12 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 13 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 14 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 15 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 16 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4 |
|
|
| aliases |
CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cce9-3g2x-h3dt |
|
| 6 |
| url |
VCID-edf6-dek6-cfgz |
| vulnerability_id |
VCID-edf6-dek6-cfgz |
| summary |
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.3.15 |
| purl |
pkg:gem/activerecord@2.3.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 12 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 13 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 14 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.15 |
|
| 1 |
| url |
pkg:gem/activerecord@3.0.18 |
| purl |
pkg:gem/activerecord@3.0.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 12 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 13 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 14 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.18 |
|
| 2 |
| url |
pkg:gem/activerecord@3.1.0.beta1 |
| purl |
pkg:gem/activerecord@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/activerecord@3.1.9 |
| purl |
pkg:gem/activerecord@3.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 15 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.9 |
|
| 4 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 5 |
| url |
pkg:gem/activerecord@3.2.10 |
| purl |
pkg:gem/activerecord@3.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 15 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10 |
|
|
| aliases |
CVE-2012-6496, GHSA-gh2w-j7cx-2664, OSV-88661
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edf6-dek6-cfgz |
|
| 7 |
|
| 8 |
| url |
VCID-gyv5-prcn-9qae |
| vulnerability_id |
VCID-gyv5-prcn-9qae |
| summary |
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/activerecord@2.3.14 |
| purl |
pkg:gem/activerecord@2.3.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.14 |
|
| 2 |
| url |
pkg:gem/activerecord@3.0.10 |
| purl |
pkg:gem/activerecord@3.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.10 |
|
| 3 |
| url |
pkg:gem/activerecord@3.1.0.rc5 |
| purl |
pkg:gem/activerecord@3.1.0.rc5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.rc5 |
|
| 4 |
| url |
pkg:gem/activerecord@3.1.0 |
| purl |
pkg:gem/activerecord@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0 |
|
|
| aliases |
CVE-2011-2930, GHSA-h6w6-xmqv-7q78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv5-prcn-9qae |
|
| 9 |
| url |
VCID-kt5q-24cw-3faa |
| vulnerability_id |
VCID-kt5q-24cw-3faa |
| summary |
activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.3.15 |
| purl |
pkg:gem/activerecord@2.3.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 12 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 13 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 14 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.15 |
|
| 1 |
| url |
pkg:gem/activerecord@3.0.14 |
| purl |
pkg:gem/activerecord@3.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 15 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.14 |
|
| 2 |
| url |
pkg:gem/activerecord@3.1.6 |
| purl |
pkg:gem/activerecord@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 12 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 13 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 14 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 15 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 16 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.6 |
|
| 3 |
| url |
pkg:gem/activerecord@3.2.6 |
| purl |
pkg:gem/activerecord@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 12 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 13 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 14 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 15 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 16 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6 |
|
|
| aliases |
CVE-2012-2695, GHSA-76wq-xw4h-f8wj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kt5q-24cw-3faa |
|
| 10 |
| url |
VCID-mdeu-hayy-hqd1 |
| vulnerability_id |
VCID-mdeu-hayy-hqd1 |
| summary |
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.3.17 |
| purl |
pkg:gem/activerecord@2.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 9 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 10 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 11 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.17 |
|
| 1 |
| url |
pkg:gem/activerecord@3.1.0 |
| purl |
pkg:gem/activerecord@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0 |
|
|
| aliases |
CVE-2013-0277, GHSA-fhj9-cjjh-27vm, OSV-90073
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mdeu-hayy-hqd1 |
|
| 11 |
| url |
VCID-p6yg-d8wm-4bgz |
| vulnerability_id |
VCID-p6yg-d8wm-4bgz |
| summary |
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.0.13 |
| purl |
pkg:gem/activerecord@3.0.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 15 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13 |
|
| 1 |
| url |
pkg:gem/activerecord@3.1.0.beta1 |
| purl |
pkg:gem/activerecord@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.1.5 |
| purl |
pkg:gem/activerecord@3.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 12 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 13 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 14 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 15 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 16 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5 |
|
| 3 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/activerecord@3.2.4 |
| purl |
pkg:gem/activerecord@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 12 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 13 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 14 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 15 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 16 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4 |
|
|
| aliases |
CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yg-d8wm-4bgz |
|
| 12 |
| url |
VCID-pt1n-pq3j-jbg5 |
| vulnerability_id |
VCID-pt1n-pq3j-jbg5 |
| summary |
Active Record logging vulnerable to ANSI escape injection
This vulnerability has been assigned the CVE identifier CVE-2025-55193
### Impact
The ID passed to `find` or similar methods may be logged without
escaping. If this is directly to the terminal, it may include
unescaped ANSI sequences.
### Releases
The fixed releases are available at the normal locations.
### Credits
Thanks to [lio346](https://hackerone.com/lio346) for reporting
this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-55193, GHSA-76r7-hhxj-r776
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| url |
VCID-rqsw-ndbm-xbfh |
| vulnerability_id |
VCID-rqsw-ndbm-xbfh |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.0.0 |
| purl |
pkg:gem/activerecord@2.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.0.0 |
|
| 1 |
| url |
pkg:gem/activerecord@2.1.1 |
| purl |
pkg:gem/activerecord@2.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 12 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 13 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 14 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 15 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 16 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.1.1 |
|
|
| aliases |
CVE-2008-4094, GHSA-xf96-32q2-9rw2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rqsw-ndbm-xbfh |
|
| 14 |
| url |
VCID-sb81-8nm8-dudw |
| vulnerability_id |
VCID-sb81-8nm8-dudw |
| summary |
Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.3.17 |
| purl |
pkg:gem/activerecord@2.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 9 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 10 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 11 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.17 |
|
| 1 |
| url |
pkg:gem/activerecord@3.1.11 |
| purl |
pkg:gem/activerecord@3.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 12 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.11 |
|
| 2 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 3 |
| url |
pkg:gem/activerecord@3.2.12 |
| purl |
pkg:gem/activerecord@3.2.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 12 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12 |
|
|
| aliases |
CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sb81-8nm8-dudw |
|
| 15 |
| url |
VCID-wcvv-uw9g-nkdz |
| vulnerability_id |
VCID-wcvv-uw9g-nkdz |
| summary |
Strong Parameter bypass with create_with
The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2014-3514, GHSA-9rf5-jm6f-2fmm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wcvv-uw9g-nkdz |
|
| 16 |
| url |
VCID-wt9d-ejgc-ryg7 |
| vulnerability_id |
VCID-wt9d-ejgc-ryg7 |
| summary |
Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.0.19 |
| purl |
pkg:gem/activerecord@3.0.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 12 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 13 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.19 |
|
| 1 |
| url |
pkg:gem/activerecord@3.1.0.beta1 |
| purl |
pkg:gem/activerecord@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.1.10 |
| purl |
pkg:gem/activerecord@3.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10 |
|
| 3 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/activerecord@3.2.11 |
| purl |
pkg:gem/activerecord@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11 |
|
|
| aliases |
CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wt9d-ejgc-ryg7 |
|
| 17 |
| url |
VCID-wu15-9j1q-17ag |
| vulnerability_id |
VCID-wu15-9j1q-17ag |
| summary |
Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@2.3.18 |
| purl |
pkg:gem/activerecord@2.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 9 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 10 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 11 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.18 |
|
| 1 |
| url |
pkg:gem/activerecord@3.0.0 |
| purl |
pkg:gem/activerecord@3.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.0 |
|
| 2 |
| url |
pkg:gem/activerecord@3.1.12 |
| purl |
pkg:gem/activerecord@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 12 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12 |
|
| 3 |
| url |
pkg:gem/activerecord@3.2.13 |
| purl |
pkg:gem/activerecord@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 12 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13 |
|
|
| aliases |
CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wu15-9j1q-17ag |
|