The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:L/Au:N/C:P/I:P/A:P
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Cloudforms Cloudengine |
|
Redhat |
|
Rhel Sam |
|
Rubyonrails |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
CloudForms for RHEL 6 | |||
converge-ui-devel-0:1.0.4-1.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
puppet-0:2.6.17-2.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-actionpack-1:3.0.10-10.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-activerecord-1:3.0.10-6.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-activesupport-1:3.0.10-4.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-chunky_png-0:1.2.0-3.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-compass-0:0.11.5-2.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-compass-960-plugin-0:0.10.4-2.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-delayed_job-0:2.1.4-2.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-ldap_fluff-0:0.1.3-1.el6_3 | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-mail-0:2.3.0-3.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
rubygem-net-ldap-0:0.1.1-3.el6cf | cpe:/a:cloudforms_cloudengine:1::el6 | RHSA-2012:1542 | 2012-12-04T00:00:00Z |
Red Hat Subscription Asset Manager 1.1 | |||
rubygem-actionpack-1:3.0.10-11.el6cf | cpe:/a:rhel_sam:1.1::el6 | RHSA-2013:0154 | 2013-01-10T00:00:00Z |
rubygem-activerecord-1:3.0.10-8.el6cf | cpe:/a:rhel_sam:1.1::el6 | RHSA-2013:0154 | 2013-01-10T00:00:00Z |
rubygem-activesupport-1:3.0.10-5.el6cf | cpe:/a:rhel_sam:1.1::el6 | RHSA-2013:0154 | 2013-01-10T00:00:00Z |
RHEL 6 Version of OpenShift Enterprise | |||
graphviz-0:2.26.0-10.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-console-0:0.0.16-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-broker-0:1.0.11-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-broker-util-0:1.0.15-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
php-0:5.3.3-22.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-ruby-0:1.9.3.327-25.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-actionpack-1:3.2.8-3.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-activemodel-0:3.2.8-2.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-activerecord-1:3.2.8-3.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-railties-0:3.2.8-2.el6 | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-actionpack-1:3.0.13-4.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-activemodel-0:3.0.13-3.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-activerecord-1:3.0.13-5.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-bson-0:1.8.1-2.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-mongo-0:1.8.1-2.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-openshift-origin-console-0:1.0.10-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-openshift-origin-controller-0:1.0.12-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-openshift-origin-node-0:1.0.11-1.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
rubygem-ruby_parser-0:2.0.4-6.el6op | cpe:/a:redhat:openshift:1::el6 | RHSA-2013:0582 | 2013-02-28T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-06-22T14:00:00
Updated: 2024-08-06T19:42:31.701Z
Reserved: 2012-05-14T00:00:00
Link: CVE-2012-2695
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-06-22T14:55:01.147
Modified: 2024-11-21T01:39:27.853
Link: CVE-2012-2695
Redhat