CVE-2012-2660 — Improper Access Control in Project Actionpack

CWE-264 CWE-284 — Improper Access Control CWE-89 — SQL Injection CWE-476 — NULL Pointer Dereference CWE-138 — Improper Neutralization of Special Elements CWE-305 — Authentication Bypass by Primary Weakness CWE-20 — Improper Input Validation17 documents7 sources

Severity

6.4MEDIUMNVD

GHSA4.3OSV4.3

EPSS

0.3%

top 47.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Actionpack Project Actionpack Rubyonrails Rails Rubyonrails Ruby ON Rails

Timeline

PublishedJun 22

Latest updateAug 13

Description

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶NVDrubyonrails/rails25 versions+24

▶NVDrubyonrails/ruby_on_rails3.0.4

▶RubyGemsactionpack_project/actionpack3.0.0.beta — 3.0.13+3

🔴Vulnerability Details

GHSA

Moderate severity vulnerability that affects activerecord↗2018-08-13

▶

OSV

Action Pack contains database-query restrictions bypass↗2017-10-24

▶

GHSA

Action Pack contains database-query restrictions bypass↗2017-10-24

▶

GHSA

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request↗2017-10-24

▶

GHSA

Active Record allows bypassing of database-query restrictions↗2017-10-24

▶

📋Vendor Advisories

Red Hat

rubygem-activerecord: unsafe query generation in Active Record↗2016-08-11

▶

Red Hat

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails↗2013-01-08

▶

Red Hat

rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)↗2012-06-12

▶

Red Hat

rubygem-actionpack: Unsafe query generation↗2012-05-31

▶

💬Community

HackerOne

Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass↗2018-02-07

▶

Bugzilla

CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) [fedora-all]↗2012-06-13

▶

Bugzilla

CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)↗2012-06-13

▶

Bugzilla

CVE-2012-2660 rubygem-actionpack: Unsafe query generation↗2012-06-01

▶

Bugzilla

CVE-2012-2660 rubygem-actionpack: Unsafe query generation [fedora-all]↗2012-06-01

▶