CVE-2013-0155 — Improper Access Control in Rails

CWE-264 CWE-284 — Improper Access Control CWE-89 — SQL Injection CWE-476 — NULL Pointer Dereference CWE-20 — Improper Input Validation16 documents8 sources

Severity

6.4MEDIUMNVD

EPSS

18.2%

top 4.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rubyonrails Rails Rubyonrails Ruby ON Rails Activerecord Project Activerecord +1 more

Timeline

PublishedJan 13

Latest updateAug 13

Description

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

▶NVDrubyonrails/rails3.2.0 — 3.2.11

▶NVDrubyonrails/ruby_on_rails3.0.0 — 3.0.19+1

▶RubyGemsactiverecord_project/activerecord3.0.0 — 3.0.19+2

▶Debianrubyonrails/rails< 2.3.14.1+3

Also affects: Debian Linux 6.0

🔴Vulnerability Details

GHSA

Moderate severity vulnerability that affects activerecord↗2018-08-13

▶

OSV

Active Record allows bypassing of database-query restrictions↗2017-10-24

▶

GHSA

Active Record allows bypassing of database-query restrictions↗2017-10-24

▶

GHSA

ActiveRecord in Ruby on Rails allows database-query bypass↗2017-10-24

▶

GHSA

actionpack allows bypass of database-query restrictions↗2017-10-24

▶

📋Vendor Advisories

Red Hat

rubygem-activerecord: unsafe query generation in Active Record↗2016-08-11

▶

Red Hat

rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)↗2013-12-03

▶

Red Hat

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails↗2013-01-08

▶

Debian

CVE-2013-0155: rails - Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 ...↗2013

▶

💬Community

HackerOne

Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass↗2018-02-07

▶

Bugzilla

CVE-2013-6417 rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)↗2013-12-01

▶

Bugzilla

CVE-2013-0155 CVE-2013-0156 rubygem-actionpack various flaws [fedora-all]↗2013-01-09

▶

Bugzilla

CVE-2013-0155 rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails↗2013-01-08

▶