CVE-2012-2661 in Ruby on Rails

Summary

by MITRE

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.

Reserved

14.05.2012

Published

22.06.2012

Moderation

accepted

Entry

VDB-5469

CPE

ready

EPSS

0.04174

KEV

no

Activities

very low

Sources
