| 0 |
| url |
VCID-1mc1-zb64-yued |
| vulnerability_id |
VCID-1mc1-zb64-yued |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-0448, GHSA-jmm9-2p29-vh2w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1mc1-zb64-yued |
|
| 1 |
| url |
VCID-1r7t-2v3e-bqa9 |
| vulnerability_id |
VCID-1r7t-2v3e-bqa9 |
| summary |
Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-3221, GHSA-f57c-hx33-hvh8
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| url |
VCID-7e6a-35vx-6ygj |
| vulnerability_id |
VCID-7e6a-35vx-6ygj |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.2.0 |
| purl |
pkg:gem/activerecord@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7e6a-35vx-6ygj |
|
| 3 |
| url |
VCID-7vmk-ju1s-6qf2 |
| vulnerability_id |
VCID-7vmk-ju1s-6qf2 |
| summary |
SQL Injection in Active Record
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/activerecord@4.0.0 |
| purl |
pkg:gem/activerecord@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-7yfa-c4dx-xfd3 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.0 |
|
|
| aliases |
CVE-2014-3482, GHSA-mhwp-qhpc-h3jm, OSV-108664
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| url |
VCID-8n6u-hbhg-7qdx |
| vulnerability_id |
VCID-8n6u-hbhg-7qdx |
| summary |
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-3933, GHSA-gjxw-5w2q-7grf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8n6u-hbhg-7qdx |
|
| 5 |
| url |
VCID-edf6-dek6-cfgz |
| vulnerability_id |
VCID-edf6-dek6-cfgz |
| summary |
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.0.18 |
| purl |
pkg:gem/activerecord@3.0.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 12 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 13 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 14 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.18 |
|
| 1 |
| url |
pkg:gem/activerecord@3.1.0.beta1 |
| purl |
pkg:gem/activerecord@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.1.9 |
| purl |
pkg:gem/activerecord@3.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 15 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.9 |
|
| 3 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/activerecord@3.2.10 |
| purl |
pkg:gem/activerecord@3.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 15 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10 |
|
|
| aliases |
CVE-2012-6496, GHSA-gh2w-j7cx-2664, OSV-88661
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edf6-dek6-cfgz |
|
| 6 |
|
| 7 |
| url |
VCID-gyv5-prcn-9qae |
| vulnerability_id |
VCID-gyv5-prcn-9qae |
| summary |
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.0.rc5 |
| purl |
pkg:gem/activerecord@3.1.0.rc5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.rc5 |
|
| 1 |
| url |
pkg:gem/activerecord@3.1.0 |
| purl |
pkg:gem/activerecord@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0 |
|
|
| aliases |
CVE-2011-2930, GHSA-h6w6-xmqv-7q78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv5-prcn-9qae |
|
| 8 |
| url |
VCID-kt5q-24cw-3faa |
| vulnerability_id |
VCID-kt5q-24cw-3faa |
| summary |
activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.6 |
| purl |
pkg:gem/activerecord@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 12 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 13 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 14 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 15 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 16 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.6 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.6 |
| purl |
pkg:gem/activerecord@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 7 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 8 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 9 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 10 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 11 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 12 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 13 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 14 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 15 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 16 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6 |
|
|
| aliases |
CVE-2012-2695, GHSA-76wq-xw4h-f8wj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kt5q-24cw-3faa |
|
| 9 |
| url |
VCID-mdeu-hayy-hqd1 |
| vulnerability_id |
VCID-mdeu-hayy-hqd1 |
| summary |
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails. Applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.0 |
| purl |
pkg:gem/activerecord@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0 |
|
|
| aliases |
CVE-2013-0277, GHSA-fhj9-cjjh-27vm, OSV-90073
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mdeu-hayy-hqd1 |
|
| 10 |
| url |
VCID-pt1n-pq3j-jbg5 |
| vulnerability_id |
VCID-pt1n-pq3j-jbg5 |
| summary |
Active Record logging vulnerable to ANSI escape injection
This vulnerability has been assigned the CVE identifier CVE-2025-55193
### Impact
The ID passed to `find` or similar methods may be logged without
escaping. If this is logged directly to the terminal, it may include
unescaped ANSI sequences.
### Releases
The fixed releases are available at the normal locations.
### Credits
Thanks to [lio346](https://hackerone.com/lio346) for reporting
this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-55193, GHSA-76r7-hhxj-r776
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| url |
VCID-rqsw-ndbm-xbfh |
| vulnerability_id |
VCID-rqsw-ndbm-xbfh |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-4094, GHSA-xf96-32q2-9rw2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rqsw-ndbm-xbfh |
|
| 12 |
| url |
VCID-sb81-8nm8-dudw |
| vulnerability_id |
VCID-sb81-8nm8-dudw |
| summary |
Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.11 |
| purl |
pkg:gem/activerecord@3.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 12 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.11 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.2.12 |
| purl |
pkg:gem/activerecord@3.2.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 12 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12 |
|
|
| aliases |
CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sb81-8nm8-dudw |
|
| 13 |
| url |
VCID-wcvv-uw9g-nkdz |
| vulnerability_id |
VCID-wcvv-uw9g-nkdz |
| summary |
Strong Parameter bypass with create_with
The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2014-3514, GHSA-9rf5-jm6f-2fmm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wcvv-uw9g-nkdz |
|
| 14 |
| url |
VCID-wt9d-ejgc-ryg7 |
| vulnerability_id |
VCID-wt9d-ejgc-ryg7 |
| summary |
Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.0.19 |
| purl |
pkg:gem/activerecord@3.0.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 3 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 4 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 5 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 6 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 7 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 8 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 12 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 13 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.19 |
|
| 1 |
| url |
pkg:gem/activerecord@3.1.0.beta1 |
| purl |
pkg:gem/activerecord@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.1.10 |
| purl |
pkg:gem/activerecord@3.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10 |
|
| 3 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-cce9-3g2x-h3dt |
|
| 7 |
| vulnerability |
VCID-edf6-dek6-cfgz |
|
| 8 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 9 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 10 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 11 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 12 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 13 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 14 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 15 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 16 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 17 |
| vulnerability |
VCID-wt9d-ejgc-ryg7 |
|
| 18 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/activerecord@3.2.11 |
| purl |
pkg:gem/activerecord@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-mdeu-hayy-hqd1 |
|
| 10 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 11 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 12 |
| vulnerability |
VCID-sb81-8nm8-dudw |
|
| 13 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 14 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11 |
|
|
| aliases |
CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wt9d-ejgc-ryg7 |
|
| 15 |
| url |
VCID-wu15-9j1q-17ag |
| vulnerability_id |
VCID-wu15-9j1q-17ag |
| summary |
Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.12 |
| purl |
pkg:gem/activerecord@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 12 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.13 |
| purl |
pkg:gem/activerecord@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mc1-zb64-yued |
|
| 1 |
| vulnerability |
VCID-1r7t-2v3e-bqa9 |
|
| 2 |
| vulnerability |
VCID-79jn-p5u5-wqae |
|
| 3 |
| vulnerability |
VCID-7e6a-35vx-6ygj |
|
| 4 |
| vulnerability |
VCID-7vmk-ju1s-6qf2 |
|
| 5 |
| vulnerability |
VCID-8n6u-hbhg-7qdx |
|
| 6 |
| vulnerability |
VCID-f3xg-8e57-f7d9 |
|
| 7 |
| vulnerability |
VCID-gyv5-prcn-9qae |
|
| 8 |
| vulnerability |
VCID-kt5q-24cw-3faa |
|
| 9 |
| vulnerability |
VCID-pt1n-pq3j-jbg5 |
|
| 10 |
| vulnerability |
VCID-rqsw-ndbm-xbfh |
|
| 11 |
| vulnerability |
VCID-wcvv-uw9g-nkdz |
|
| 12 |
| vulnerability |
VCID-wu15-9j1q-17ag |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13 |
|
|
| aliases |
CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wu15-9j1q-17ag |
|