CVE-2012-6496

NONECVSS 0.0

0.0

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.

🔗 References (18)

cve@mitrehttp://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0154.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0155.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0220.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0544.html
cve@mitrehttp://security.gentoo.org/glsa/glsa-201401-22.xml
cve@mitrehttp://www.securityfocus.com/bid/57084
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=889649
cve@mitrehttps://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain
af854a3a-2127-422b-91ae-364da2661108http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0154.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0155.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0220.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0544.html
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201401-22.xml

Is Your Infrastructure Affected by CVE-2012-6496?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-6496

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-6496?