Search for packages
| purl | pkg:gem/activerecord@5.1.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-12f4-gcj5-h3cu
Aliases: CVE-2012-2695 GHSA-76wq-xw4h-f8wj |
activerecord vulnerable to SQL Injection The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. | There are no reported fixed by versions. |
|
VCID-1r5t-n9ys-zbbu
Aliases: CVE-2011-0448 GHSA-jmm9-2p29-vh2w |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. | There are no reported fixed by versions. |
|
VCID-2bpy-kbwe-zbg8
Aliases: CVE-2022-32224 GHSA-3hhc-qp5v-9p2j |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. |
|
|
VCID-2dgz-cqjx-bkaw
Aliases: CVE-2011-2930 GHSA-h6w6-xmqv-7q78 |
activerecord vulnerable to SQL Injection Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. | There are no reported fixed by versions. |
|
VCID-c3hd-njh3-b3bg
Aliases: CVE-2008-4094 GHSA-xf96-32q2-9rw2 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. | There are no reported fixed by versions. |
|
VCID-v12d-fr9k-7ufu
Aliases: CVE-2025-55193 GHSA-76r7-hhxj-r776 |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
|
VCID-vbkg-umrg-gkfm
Aliases: CVE-2022-44566 GHSA-579w-22j4-4749 GMS-2023-59 |
Duplicate This advisory duplicates another. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-w3hp-78sw-hfa4
Aliases: CVE-2021-22880 GHSA-8hc4-xxm3-5ppp |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
|
VCID-zy5d-6a4f-wua5
Aliases: CVE-2010-3933 GHSA-gjxw-5w2q-7grf |
Improper Input Validation Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||