| 0 |
| url |
VCID-12f4-gcj5-h3cu |
| vulnerability_id |
VCID-12f4-gcj5-h3cu |
| summary |
activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.6 |
| purl |
pkg:gem/activerecord@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 7 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 8 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 9 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 10 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 11 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 12 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 13 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 14 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 15 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 16 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 17 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 18 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.6 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.6 |
| purl |
pkg:gem/activerecord@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 7 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 8 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 9 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 10 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 11 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 12 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 13 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 14 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 15 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 16 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 17 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 18 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.6 |
|
|
| aliases |
CVE-2012-2695, GHSA-76wq-xw4h-f8wj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-12f4-gcj5-h3cu |
|
| 1 |
| url |
VCID-1r5t-n9ys-zbbu |
| vulnerability_id |
VCID-1r5t-n9ys-zbbu |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0448, GHSA-jmm9-2p29-vh2w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1r5t-n9ys-zbbu |
|
| 2 |
|
| 3 |
| url |
VCID-2dgz-cqjx-bkaw |
| vulnerability_id |
VCID-2dgz-cqjx-bkaw |
| summary |
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.0 |
| purl |
pkg:gem/activerecord@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 6 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 7 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 8 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 9 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 10 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 11 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 12 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 13 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 14 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| vulnerability |
VCID-p5sk-7xnp-fygg |
|
| 16 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 17 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 18 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 19 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 20 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0 |
|
|
| aliases |
CVE-2011-2930, GHSA-h6w6-xmqv-7q78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgz-cqjx-bkaw |
|
| 4 |
| url |
VCID-2vex-unxw-jub9 |
| vulnerability_id |
VCID-2vex-unxw-jub9 |
| summary |
Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.11 |
| purl |
pkg:gem/activerecord@3.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 9 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 10 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 11 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 12 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 13 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 14 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.11 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 6 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 7 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 8 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 9 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 10 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 11 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 12 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 13 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 14 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| vulnerability |
VCID-p5sk-7xnp-fygg |
|
| 16 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 17 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 18 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 19 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 20 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.2.12 |
| purl |
pkg:gem/activerecord@3.2.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 9 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 10 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 11 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 12 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 13 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 14 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.12 |
|
|
| aliases |
CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2vex-unxw-jub9 |
|
| 5 |
| url |
VCID-31rm-1rpc-g3dq |
| vulnerability_id |
VCID-31rm-1rpc-g3dq |
| summary |
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.5 |
| purl |
pkg:gem/activerecord@3.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 7 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 8 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 9 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 10 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 11 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 12 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 13 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 14 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 15 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 16 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 17 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 18 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 6 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 7 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 8 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 9 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 10 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 11 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 12 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 13 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 14 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| vulnerability |
VCID-p5sk-7xnp-fygg |
|
| 16 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 17 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 18 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 19 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 20 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.2.4 |
| purl |
pkg:gem/activerecord@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 7 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 8 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 9 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 10 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 11 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 12 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 13 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 14 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 15 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 16 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 17 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 18 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4 |
|
|
| aliases |
CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-31rm-1rpc-g3dq |
|
| 6 |
| url |
VCID-3gxu-74a5-m7cv |
| vulnerability_id |
VCID-3gxu-74a5-m7cv |
| summary |
Strong Parameter bypass with create_with
The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/activerecord@4.1.0.beta1 |
| purl |
pkg:gem/activerecord@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 9 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 10 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 11 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 12 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 13 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 14 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1 |
|
| 2 |
|
|
| aliases |
CVE-2014-3514, GHSA-9rf5-jm6f-2fmm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3gxu-74a5-m7cv |
|
| 7 |
| url |
VCID-3sqw-5cpa-5qgg |
| vulnerability_id |
VCID-3sqw-5cpa-5qgg |
| summary |
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.9 |
| purl |
pkg:gem/activerecord@3.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 7 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 8 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 9 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 10 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 11 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 12 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 13 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 14 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 15 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 16 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 17 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.9 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 6 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 7 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 8 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 9 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 10 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 11 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 12 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 13 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 14 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| vulnerability |
VCID-p5sk-7xnp-fygg |
|
| 16 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 17 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 18 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 19 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 20 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.2.10 |
| purl |
pkg:gem/activerecord@3.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 7 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 8 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 9 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 10 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 11 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 12 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 13 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 14 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 15 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 16 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 17 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.10 |
|
|
| aliases |
CVE-2012-6496, GHSA-gh2w-j7cx-2664, OSV-88661
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3sqw-5cpa-5qgg |
|
| 8 |
| url |
VCID-57uk-2vgz-kyhn |
| vulnerability_id |
VCID-57uk-2vgz-kyhn |
| summary |
Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.12 |
| purl |
pkg:gem/activerecord@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 9 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 10 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 11 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 12 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 13 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 14 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.13 |
| purl |
pkg:gem/activerecord@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 9 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 10 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 11 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 12 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 13 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 14 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13 |
|
|
| aliases |
CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-57uk-2vgz-kyhn |
|
| 9 |
| url |
VCID-9xfd-d2ff-uuec |
| vulnerability_id |
VCID-9xfd-d2ff-uuec |
| summary |
SQL Injection Vulnerabilities Affecting PostgreSQL
SQLi vulnerability in activerecord. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@4.0.7 |
| purl |
pkg:gem/activerecord@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 6 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 7 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 8 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 9 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 10 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 11 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.7 |
|
| 1 |
| url |
pkg:gem/activerecord@4.1.0.beta1 |
| purl |
pkg:gem/activerecord@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 9 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 10 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 11 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 12 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 13 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 14 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/activerecord@4.1.3 |
| purl |
pkg:gem/activerecord@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 6 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 7 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 8 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 9 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 10 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 11 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.3 |
|
|
| aliases |
CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9xfd-d2ff-uuec |
|
| 10 |
| url |
VCID-c3hd-njh3-b3bg |
| vulnerability_id |
VCID-c3hd-njh3-b3bg |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-4094, GHSA-xf96-32q2-9rw2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c3hd-njh3-b3bg |
|
| 11 |
| url |
VCID-d7z6-98fp-r3g2 |
| vulnerability_id |
VCID-d7z6-98fp-r3g2 |
| summary |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.2.0 |
| purl |
pkg:gem/activerecord@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 6 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 7 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 8 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 9 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 10 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 11 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 12 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 13 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 14 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| vulnerability |
VCID-p5sk-7xnp-fygg |
|
| 16 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 17 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 18 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 19 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 20 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0 |
|
| 1 |
| url |
pkg:gem/activerecord@4.0.3 |
| purl |
pkg:gem/activerecord@4.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 9 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 10 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 11 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 12 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 13 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.3 |
|
| 2 |
| url |
pkg:gem/activerecord@4.1.0.beta1 |
| purl |
pkg:gem/activerecord@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 9 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 10 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 11 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 12 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 13 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 14 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/activerecord@4.1.0.beta2 |
| purl |
pkg:gem/activerecord@4.1.0.beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 6 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 7 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 8 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 9 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 10 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 11 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 12 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 13 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta2 |
|
|
| aliases |
CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d7z6-98fp-r3g2 |
|
| 12 |
| url |
VCID-jhtd-7tmy-jfaj |
| vulnerability_id |
VCID-jhtd-7tmy-jfaj |
| summary |
SQL Injection in Active Record
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/activerecord@4.0.0 |
| purl |
pkg:gem/activerecord@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 5 |
| vulnerability |
VCID-58gq-e3v2-vkac |
|
| 6 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 7 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 8 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 9 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 10 |
| vulnerability |
VCID-hvhe-s78h-p3bk |
|
| 11 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 12 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 13 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 14 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 15 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 16 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.0 |
|
|
| aliases |
CVE-2014-3482, GHSA-mhwp-qhpc-h3jm, OSV-108664
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jhtd-7tmy-jfaj |
|
| 13 |
| url |
VCID-jug9-esjy-8fh5 |
| vulnerability_id |
VCID-jug9-esjy-8fh5 |
| summary |
Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@4.2.0 |
| purl |
pkg:gem/activerecord@4.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-96bd-6tam-1qc5 |
|
| 5 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 6 |
| vulnerability |
VCID-hvhe-s78h-p3bk |
|
| 7 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 8 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 9 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 10 |
| vulnerability |
VCID-w3hp-78sw-hfa4 |
|
| 11 |
| vulnerability |
VCID-ybar-scwr-fuds |
|
| 12 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0 |
|
|
| aliases |
CVE-2013-3221, GHSA-f57c-hx33-hvh8
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jug9-esjy-8fh5 |
|
| 14 |
| url |
VCID-k8rq-jbrg-3qb3 |
| vulnerability_id |
VCID-k8rq-jbrg-3qb3 |
| summary |
Nested attributes rejection proc bypass
When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the `allow_destroy: false` option to the `accepts_nested_attributes_for` method. The `allow_destroy` flag prevents the `:reject_if` proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if `:allow_destroy` is false so this leads to changes that would have been rejected being applied to the record. Attackers could set attributes to invalid values or clear all the attributes. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7577, GHSA-xrr6-3pc4-m447
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| url |
VCID-p5sk-7xnp-fygg |
| vulnerability_id |
VCID-p5sk-7xnp-fygg |
| summary |
SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.5 |
| purl |
pkg:gem/activerecord@3.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 7 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 8 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 9 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 10 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 11 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 12 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 13 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 14 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 15 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 16 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 17 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 18 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 6 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 7 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 8 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 9 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 10 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 11 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 12 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 13 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 14 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| vulnerability |
VCID-p5sk-7xnp-fygg |
|
| 16 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 17 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 18 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 19 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 20 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.2.4 |
| purl |
pkg:gem/activerecord@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 7 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 8 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 9 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 10 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 11 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 12 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 13 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 14 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 15 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 16 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 17 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 18 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4 |
|
|
| aliases |
CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p5sk-7xnp-fygg |
|
| 16 |
|
| 17 |
|
| 18 |
| url |
VCID-vvth-cjt4-akg8 |
| vulnerability_id |
VCID-vvth-cjt4-akg8 |
| summary |
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.0 |
| purl |
pkg:gem/activerecord@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 6 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 7 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 8 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 9 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 10 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 11 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 12 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 13 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 14 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| vulnerability |
VCID-p5sk-7xnp-fygg |
|
| 16 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 17 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 18 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 19 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 20 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0 |
|
|
| aliases |
CVE-2013-0277, GHSA-fhj9-cjjh-27vm, OSV-90073
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vvth-cjt4-akg8 |
|
| 19 |
| url |
VCID-yd25-ket2-67d3 |
| vulnerability_id |
VCID-yd25-ket2-67d3 |
| summary |
Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/activerecord@3.1.10 |
| purl |
pkg:gem/activerecord@3.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 7 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 8 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 9 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 10 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 11 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 12 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 13 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 14 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 15 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 16 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.10 |
|
| 1 |
| url |
pkg:gem/activerecord@3.2.0.rc1 |
| purl |
pkg:gem/activerecord@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 6 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 7 |
| vulnerability |
VCID-3sqw-5cpa-5qgg |
|
| 8 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 9 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 10 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 11 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 12 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 13 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 14 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 15 |
| vulnerability |
VCID-p5sk-7xnp-fygg |
|
| 16 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 17 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 18 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 19 |
| vulnerability |
VCID-yd25-ket2-67d3 |
|
| 20 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0.rc1 |
|
| 2 |
| url |
pkg:gem/activerecord@3.2.11 |
| purl |
pkg:gem/activerecord@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12f4-gcj5-h3cu |
|
| 1 |
| vulnerability |
VCID-1r5t-n9ys-zbbu |
|
| 2 |
| vulnerability |
VCID-2bpy-kbwe-zbg8 |
|
| 3 |
| vulnerability |
VCID-2dgz-cqjx-bkaw |
|
| 4 |
| vulnerability |
VCID-2vex-unxw-jub9 |
|
| 5 |
| vulnerability |
VCID-3gxu-74a5-m7cv |
|
| 6 |
| vulnerability |
VCID-57uk-2vgz-kyhn |
|
| 7 |
| vulnerability |
VCID-9xfd-d2ff-uuec |
|
| 8 |
| vulnerability |
VCID-c3hd-njh3-b3bg |
|
| 9 |
| vulnerability |
VCID-d7z6-98fp-r3g2 |
|
| 10 |
| vulnerability |
VCID-jhtd-7tmy-jfaj |
|
| 11 |
| vulnerability |
VCID-jug9-esjy-8fh5 |
|
| 12 |
| vulnerability |
VCID-k8rq-jbrg-3qb3 |
|
| 13 |
| vulnerability |
VCID-v12d-fr9k-7ufu |
|
| 14 |
| vulnerability |
VCID-vbkg-umrg-gkfm |
|
| 15 |
| vulnerability |
VCID-vvth-cjt4-akg8 |
|
| 16 |
| vulnerability |
VCID-zy5d-6a4f-wua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.11 |
|
|
| aliases |
CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yd25-ket2-67d3 |
|
| 20 |
| url |
VCID-zy5d-6a4f-wua5 |
| vulnerability_id |
VCID-zy5d-6a4f-wua5 |
| summary |
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-3933, GHSA-gjxw-5w2q-7grf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zy5d-6a4f-wua5 |
|