The Active Record component in Ruby on Rails 3.0.x prior to 3.0.13, 3.1.x prior to 3.1.5, and 3.2.x prior to 3.2.4 does not properly implement the passing of request data to a `where` method in an ActiveRecord class. This allows remote malicious users to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion. This issue is related to CVE-2012-2695.

| Vulnerable Product |
|---|
| rubyonrails rails 3.0.8 |
| rubyonrails rails 3.0.5 |
| rubyonrails rails 3.0.7 |
| rubyonrails ruby on rails 3.0.4 |
| rubyonrails rails 3.0.9 |
| rubyonrails rails 3.0.2 |
| rubyonrails rails 3.0.12 |
| rubyonrails rails 3.0.0 |
| rubyonrails rails 3.0.1 |
| rubyonrails rails 3.0.6 |
| rubyonrails rails 3.0.11 |
| rubyonrails rails 3.0.4 |
| rubyonrails rails 3.0.13 |
| rubyonrails rails 3.0.10 |
| rubyonrails rails 3.0.3 |
| rubyonrails rails 3.1.0 |
| rubyonrails rails 3.1.2 |
| rubyonrails rails 3.1.5 |
| rubyonrails rails 3.1.4 |
| rubyonrails rails 3.1.1 |
| rubyonrails rails 3.1.3 |
| rubyonrails rails 3.2.4 |
| rubyonrails rails 3.2.3 |
| rubyonrails rails 3.2.0 |
| rubyonrails rails 3.2.2 |
| rubyonrails rails 3.2.1 |