Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p6yg-d8wm-4bgz
Summary
SQL Injection
Ruby on Rails contains a flaw in the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses into application SQL queries. It may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.
Aliases
0
alias CVE-2012-2660
1
alias GHSA-hgpp-pp89-4fgf
Fixed_packages
0
url pkg:gem/actionpack@2.3.16
purl pkg:gem/actionpack@2.3.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.16
1
url pkg:gem/actionpack@3.0.13
purl pkg:gem/actionpack@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f21a-143f-9qay
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.13
2
url pkg:gem/actionpack@3.1.5
purl pkg:gem/actionpack@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5
3
url pkg:gem/actionpack@3.2.4
purl pkg:gem/actionpack@3.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4
4
url pkg:gem/activerecord@3.0.13
purl pkg:gem/activerecord@3.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.13
5
url pkg:gem/activerecord@3.1.5
purl pkg:gem/activerecord@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.5
6
url pkg:gem/activerecord@3.2.4
purl pkg:gem/activerecord@3.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.4
Affected_packages
0
url pkg:gem/actionpack@3.0.0.beta
purl pkg:gem/actionpack@3.0.0.beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7m31-x66p-3bha
1
vulnerability VCID-dx34-zm9p-1ydc
2
vulnerability VCID-p6yg-d8wm-4bgz
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.0.beta
1
url pkg:gem/actionpack@3.1.0
purl pkg:gem/actionpack@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7m31-x66p-3bha
1
vulnerability VCID-dx34-zm9p-1ydc
2
vulnerability VCID-f21a-143f-9qay
3
vulnerability VCID-p6yg-d8wm-4bgz
4
vulnerability VCID-puve-cp8z-zbdr
5
vulnerability VCID-t9c8-r3yp-sbde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0
2
url pkg:gem/actionpack@3.2.0
purl pkg:gem/actionpack@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7m31-x66p-3bha
1
vulnerability VCID-dx34-zm9p-1ydc
2
vulnerability VCID-f21a-143f-9qay
3
vulnerability VCID-kt2t-d3bx-jydv
4
vulnerability VCID-p6yg-d8wm-4bgz
5
vulnerability VCID-puve-cp8z-zbdr
6
vulnerability VCID-qmvt-9qth-77a6
7
vulnerability VCID-t9c8-r3yp-sbde
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0
3
url pkg:gem/activerecord@3.0.0
purl pkg:gem/activerecord@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mc1-zb64-yued
1
vulnerability VCID-8n6u-hbhg-7qdx
2
vulnerability VCID-cce9-3g2x-h3dt
3
vulnerability VCID-p6yg-d8wm-4bgz
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.0
4
url pkg:gem/activerecord@3.1.0
purl pkg:gem/activerecord@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cce9-3g2x-h3dt
1
vulnerability VCID-kt5q-24cw-3faa
2
vulnerability VCID-p6yg-d8wm-4bgz
3
vulnerability VCID-wt9d-ejgc-ryg7
4
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.0
5
url pkg:gem/activerecord@3.2.0
purl pkg:gem/activerecord@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7e6a-35vx-6ygj
1
vulnerability VCID-cce9-3g2x-h3dt
2
vulnerability VCID-kt5q-24cw-3faa
3
vulnerability VCID-p6yg-d8wm-4bgz
4
vulnerability VCID-wt9d-ejgc-ryg7
5
vulnerability VCID-wu15-9j1q-17ag
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.0
References
0
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
url https://github.com/rails/rails
1
reference_url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
2
reference_url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
4
reference_url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
5
reference_url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
reference_id
reference_type
scores
url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
6
reference_url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
reference_id CVE-2012-2660
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
10
reference_url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
reference_id GHSA-hgpp-pp89-4fgf
reference_type
scores
url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 264
name Permissions, Privileges, and Access Controls
description Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yg-d8wm-4bgz