CVE-2012-2695

NONECVSS 0.0

0.0

The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.

🔗 References (12)

secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2013-0154.html
secalert@redhathttps://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0154.html
af854a3a-2127-422b-91ae-364da2661108https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

Is Your Infrastructure Affected by CVE-2012-2695?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-2695

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-2695?