CVE-2012-2694
Published 2012-06-22
Priority: P4 · 28 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS: 4.07% (89.3th percentile)
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
Affected
63 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| actionpack_project | actionpack | >= 0 < 2.3.16 | 2.3.16 |
| actionpack_project | actionpack | >= 3.0.0.beta < 3.0.13 | 3.0.13 |
| actionpack_project | actionpack | >= 3.0.13 < 3.0.14 | 3.0.14 |
| actionpack_project | actionpack | >= 3.1.0 < 3.1.6 | 3.1.6 |
| actionpack_project | actionpack | >= 3.1.0 < 3.1.5 | 3.1.5 |
| actionpack_project | actionpack | >= 3.2.0 < 3.2.6 | 3.2.6 |
| actionpack_project | actionpack | >= 3.2.0 < 3.2.4 | 3.2.4 |
| activerecord_project | activerecord | >= 3.0.0 < 3.0.19 | 3.0.19 |
| activerecord_project | activerecord | >= 3.1.0 < 3.1.10 | 3.1.10 |
| activerecord_project | activerecord | >= 3.2.0 < 3.2.11 | 3.2.11 |
| activerecord_project | activerecord | >= 4.2.0 < 4.2.7.1 | 4.2.7.1 |
| debian | debian_linux | — | — |
| debian | rails | < rails 2.3.14.1 (bookworm) | rails 2.3.14.1 (bookworm) |
| debian | rails | < rails 2:4.2.7.1-1 (bookworm) | rails 2:4.2.7.1-1 (bookworm) |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
CVSS provenance
nvd·v2.0·4.3·MEDIUM·AV:N/AC:M/Au:N/C:P/I:N/A:N
ghsa·6.4·MEDIUM
osv·6.4·MEDIUM
vendor_debian·6.4·MEDIUM
vendor_redhat·6.4·MEDIUM
OSV
Moderate severity vulnerability that affects activerecord
osv·2018-08-13·CVSS 6.4
[MEDIUM] Moderate severity vulnerability that affects activerecord
Withdrawn, accidental duplicate publish.
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
GHSA
Moderate severity vulnerability that affects activerecord
ghsa·2018-08-13·CVSS 6.4
[MEDIUM] Moderate severity vulnerability that affects activerecord
Withdrawn, accidental duplicate publish.
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
OSV
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
osv·2017-10-24·CVSS 6.4
CVE-2012-2694 [MEDIUM] actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.
GHSA
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
ghsa·2017-10-24·CVSS 6.4
CVE-2012-2694 [MEDIUM] actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.
OSV
Action Pack contains database-query restrictions bypass
osv·2017-10-24·CVSS 4.3
CVE-2012-2660 [MEDIUM] Action Pack contains database-query restrictions bypass
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `[nil]` values, a related issue to CVE-2012-2694.
GHSA
ActiveRecord in Ruby on Rails allows database-query bypass
ghsa·2017-10-24·CVSS 6.4
CVE-2016-6317 [MEDIUM] CWE-284 ActiveRecord in Ruby on Rails allows database-query bypass
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
OSV
Active Record allows bypassing of database-query restrictions
osv·2017-10-24·CVSS 6.4
CVE-2013-0155 [MEDIUM] Active Record allows bypassing of database-query restrictions
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
GHSA
Action Pack contains database-query restrictions bypass
ghsa·2017-10-24·CVSS 4.3
CVE-2012-2660 [MEDIUM] CWE-284 Action Pack contains database-query restrictions bypass
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `[nil]` values, a related issue to CVE-2012-2694.
GHSA
Active Record allows bypassing of database-query restrictions
ghsa·2017-10-24·CVSS 6.4
CVE-2013-0155 [MEDIUM] CWE-284 Active Record allows bypassing of database-query restrictions
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
OSV
ActiveRecord in Ruby on Rails allows database-query bypass
osv·2017-10-24·CVSS 6.4
CVE-2016-6317 [MEDIUM] ActiveRecord in Ruby on Rails allows database-query bypass
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
OSV
CVE-2016-6317: Action Record in Ruby on Rails 4
osv·2016-09-07·CVSS 6.4
CVE-2016-6317 [MEDIUM] CVE-2016-6317: Action Record in Ruby on Rails 4
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
OSV
CVE-2013-0155: Ruby on Rails 3
osv·2013-01-13·CVSS 6.4
CVE-2013-0155 [MEDIUM] CVE-2013-0155: Ruby on Rails 3
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
Red Hat
rubygem-activerecord: unsafe query generation in Active Record
vendor_redhat·2016-08-11·CVSS 6.4
CVE-2016-6317 [MEDIUM] CWE-20 rubygem-activerecord: unsafe query generation in Active Record
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application.
Package:
Debian
CVE-2016-6317: rails - Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider d...
vendor_debian·2016·CVSS 6.4
CVE-2016-6317 [MEDIUM] CVE-2016-6317: rails - Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider d...
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
Scope: local
bookworm: resolved (fixed in 2:4.2.7.1-1)
bullseye: resolved (fixed in 2:4.2.7.1-1)
forky: resolved (fixed in 2:4.2.7.1-1)
sid: resolved (fixed in 2:4.2.7.1-1)
trixie: resolved (fixed in 2:4.2.7.1-1)
Red Hat
rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
vendor_redhat·2013-01-08·CVSS 6.4
CVE-2013-0155 [MEDIUM] CWE-89 rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
Debian
CVE-2013-0155: rails - Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 ...
vendor_debian·2013·CVSS 6.4
CVE-2013-0155 [MEDIUM] CVE-2013-0155: rails - Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 ...
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
Scope: local
bookworm: resolved (fixed in 2.3.14.1)
bullseye: resolved (fixed in 2.3.14.1)
forky: resolved (fixed in 2.3.14.1)
sid: resolved (fixed in 2.3.14.1)
trixie: resolved (fixed in 2.3.14.1)
Red Hat
rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
vendor_redhat·2012-06-12·CVSS 6.4
CVE-2012-2694 [MEDIUM] CWE-138 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
Red Hat
rubygem-actionpack: Unsafe query generation
vendor_redhat·2012-05-31·CVSS 6.4
CVE-2012-2660 [MEDIUM] rubygem-actionpack: Unsafe query generation
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.
No detection rules found.
No public exploits indexed.
HackerOne
Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass
hackerone·2018-02-07·CVSS 6.4
CVE-2012-2660 [MEDIUM] Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass
# Unsafe Query Generation Risk in Active Record
There is a vulnerability when Active Record is used in conjunction with JSON
parameter parsing. This vulnerability has been assigned the CVE identifier
CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694
and CVE-2013-0155.
Versions Affected: >= 4.2.0
Not affected: = 5.0.0
Fixed Versions: 4.2.7.1
Impact
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the
Bugzilla
CVE-2013-0155 rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
bugzilla·2013-01-08·CVSS 6.4
CVE-2013-0155 [MEDIUM] CVE-2013-0155 rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
Damien Mathieu ([email protected]) reports:
Unsafe Query Generation Risk in Ruby on Rails
There is a vulnerability when Active Record is used in conjunction with JSON
parameter parsing. This vulnerability has been assigned the CVE identifier
CVE-2013-0155.
Versions Affected: 3.x series
Not affected: 2.x series
Fixed Versions: 3.2.11, 3.1.10, 3.0.19
Impact
Due to the way Active Record interprets parameters in combination with the way
that JSON parameters are parsed, it is possible for an attacker to issue
unexpected database queries with "IS NULL" or empty where clauses. This issue
does *not* let an attacker insert arbitrary values into an SQL query, however
they can cause the query to check for NULL or el
Bugzilla
CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) [fedora-all]
bugzilla·2012-06-13·CVSS 6.4
CVE-2012-2694 [MEDIUM] CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraprojec
Bugzilla
CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
bugzilla·2012-06-13·CVSS 6.4
CVE-2012-2694 [MEDIUM] CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
Originally the CVE identifier of CVE-2012-2660 has been assigned to the following issue:
A security flaw was found in the way rubygem-actionpack, the web-flow and rendering framework putting the VC in MVC, performed SQL query generation based on the content of params hash. If a Ruby on Rails application used Rack to parse query parameters, those parameters were not sanitized for the presence of the 'nil' value and that application relied, when performing user authentication, certain params value not to be 'nil', a remote attacker could use this flaw to bypass the authentication, leading to information disclosure and / or unauthorized access to the service. (bug 827353)
Recently (2012-06-12) i
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
http://rhn.redhat.com/errata/RHSA-2013-0154.html
https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain