CVE-2016-6317 in Ruby on Railsالمعلومات

الملخص

بحسب MITRE

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

26/07/2016

إفشاء

07/09/2016

الاعتدال

تمت الموافقة

إدخال

VDB-91365

CPE

جاهز

CWE

CWE-284 (مؤكد)

CVSS

7.5 (NVD)

EPSS

0.00381

KEV

لا

النشاطات

منخفض جدًا

القطاع

Insurance, Hostingprovider, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6317
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6317
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6317/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!