CVE-2012-2694 — Improper Neutralization of Special Elements in Project Actionpack

CWE-138 — Improper Neutralization of Special Elements CWE-305 — Authentication Bypass by Primary Weakness CWE-89 — SQL Injection CWE-284 — Improper Access Control CWE-476 — NULL Pointer Dereference CWE-20 — Improper Input Validation15 documents7 sources

Severity

4.3MEDIUMNVD

CNA6.4GHSA6.4OSV6.4

EPSS

0.2%

top 55.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Actionpack Project Actionpack Rubyonrails Ruby ON Rails Rubyonrails Rails

Timeline

PublishedJun 22

Latest updateAug 13

Description

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDrubyonrails/ruby_on_rails3.0.13+1

▶NVDrubyonrails/rails26 versions+25

▶RubyGemsactionpack_project/actionpack3.0.13 — 3.0.14+2

🔴Vulnerability Details

GHSA

Moderate severity vulnerability that affects activerecord↗2018-08-13

▶

OSV

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request↗2017-10-24

▶

GHSA

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request↗2017-10-24

▶

GHSA

Active Record allows bypassing of database-query restrictions↗2017-10-24

▶

GHSA

ActiveRecord in Ruby on Rails allows database-query bypass↗2017-10-24

▶

📋Vendor Advisories

Red Hat

rubygem-activerecord: unsafe query generation in Active Record↗2016-08-11

▶

Red Hat

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails↗2013-01-08

▶

Red Hat

rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)↗2012-06-12

▶

Red Hat

rubygem-actionpack: Unsafe query generation↗2012-05-31

▶

💬Community

HackerOne

Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass↗2018-02-07

▶

Bugzilla

CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) [fedora-all]↗2012-06-13

▶

Bugzilla

CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)↗2012-06-13

▶