CVE-2012-2695 in Ruby on Rails
Summary (English)
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
Reserved: 2012-05-14
Disclosed: 2012-06-22
Status: Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 61085 | Ruby on Rails ActiveRecord SQL injection | 89 | Not defined | Official fix | CVE-2012-2695 |