Package details: pkg:gem/activerecord@4.2.7.0
purl pkg:gem/activerecord@4.2.7.0
Tags Ghost
Next non-vulnerable version 7.1.5.2
Latest non-vulnerable version 8.0.2.1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-9t7a-muwx-zyee
Aliases:
CVE-2016-6317
GHSA-pr3r-4wrp-r2pv
Improper Access Control: The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing `WHERE` clauses via a crafted request.
4.2.7.1
Affected by 9 other vulnerabilities.
VCID-qywc-5pj5-y3a9
Aliases:
GHSA-m8h6-m9p5-p2f8
Moderate severity vulnerability that affects activerecord. Withdrawn, accidental duplicate publish. Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
4.2.7.1
Affected by 9 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:56:36.618444+00:00 | GHSA Importer | Affected by | VCID-qywc-5pj5-y3a9 | https://github.com/advisories/GHSA-m8h6-m9p5-p2f8 | 38.0.0 |
| 2026-04-01T15:56:12.975917+00:00 | GHSA Importer | Affected by | VCID-9t7a-muwx-zyee | https://github.com/advisories/GHSA-pr3r-4wrp-r2pv | 38.0.0 |