CVE-2012-2661 in Ruby on Rails

Summary

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.

Reservation

05/14/2012

Disclosure

06/22/2012

Entries

1: VDB-5469

CPE

ready

CVSS

8.8

EPSS

0.00730

Activities

Very Low

Sources
