CVE-2016-6317Improper Access Control in Rails

CWE-284Improper Access ControlCWE-476NULL Pointer DereferenceCWE-20Improper Input Validation10 documents8 sources
Severity
7.5HIGHNVD
CNA6.4GHSA6.4OSV6.4
EPSS
0.4%
top 40.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Rubyonrails RailsActiverecord Project Activerecord
Timeline
PublishedSep 7
Latest updateFeb 7

Description

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

RubyGemsactiverecord_project/activerecord4.2.04.2.7.1
Debianrubyonrails/rails< 2:4.2.7.1-1+3
NVDrubyonrails/rails10 versions+9

🔴Vulnerability Details

4
GHSA
ActiveRecord in Ruby on Rails allows database-query bypass2017-10-24
OSV
ActiveRecord in Ruby on Rails allows database-query bypass2017-10-24
CVEList
CVE-2016-6317: Action Record in Ruby on Rails 42016-09-07
OSV
CVE-2016-6317: Action Record in Ruby on Rails 42016-09-07

📋Vendor Advisories

2
Red Hat
rubygem-activerecord: unsafe query generation in Active Record2016-08-11
Debian
CVE-2016-6317: rails - Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider d...2016

💬Community

3
HackerOne
Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass2018-02-07
Bugzilla
CVE-2016-6317 rubygem-activerecord: unsafe query generation in Active Record [fedora-all]2016-08-12
Bugzilla
CVE-2016-6317 rubygem-activerecord: unsafe query generation in Active Record2016-08-08
CVE-2016-6317 — Improper Access Control in Rails | cvebase