Vulnerability Database

289,782

Total vulnerabilities in the database

CVE-2012-2695

The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
rubyonrails / ruby_on_rails - 3.0.13.x
rubyonrails / ruby_on_rails 3.0.4 3.0.4.x
rubyonrails / rails 3.0.0-beta 3.0.0-beta.x
rubyonrails / rails 3.0.0-beta2 3.0.0-beta2.x
rubyonrails / rails 3.0.0-beta3 3.0.0-beta3.x
rubyonrails / rails 3.0.0-beta4 3.0.0-beta4.x
rubyonrails / rails 3.0.0-rc 3.0.0-rc.x
rubyonrails / rails 3.0.0-rc2 3.0.0-rc2.x
rubyonrails / rails 3.0.1-pre 3.0.1-pre.x
rubyonrails / rails 3.0.2-pre 3.0.2-pre.x
rubyonrails / rails 3.0.0 3.0.0.x
rubyonrails / rails 3.0.10-rc1 3.0.10-rc1.x
rubyonrails / rails 3.0.10 3.0.10.x
rubyonrails / rails 3.0.12-rc1 3.0.12-rc1.x
rubyonrails / rails 3.0.12 3.0.12.x
rubyonrails / rails 3.0.13-rc1 3.0.13-rc1.x
rubyonrails / rails 3.0.1 3.0.1.x
rubyonrails / rails 3.0.2 3.0.2.x
rubyonrails / rails 3.0.3 3.0.3.x
rubyonrails / rails 3.0.11 3.0.11.x
rubyonrails / rails 3.0.4-rc1 3.0.4-rc1.x
rubyonrails / rails 3.0.5 3.0.5.x
rubyonrails / rails 3.0.5-rc1 3.0.5-rc1.x
rubyonrails / rails 3.0.6-rc1 3.0.6-rc1.x
rubyonrails / rails 3.0.6-rc2 3.0.6-rc2.x
rubyonrails / rails 3.0.6 3.0.6.x
rubyonrails / rails 3.0.7-rc1 3.0.7-rc1.x
rubyonrails / rails 3.0.7-rc2 3.0.7-rc2.x
rubyonrails / rails 3.0.7 3.0.7.x
rubyonrails / rails 3.0.8-rc1 3.0.8-rc1.x
rubyonrails / rails 3.0.8-rc2 3.0.8-rc2.x
rubyonrails / rails 3.0.8-rc3 3.0.8-rc3.x
rubyonrails / rails 3.0.8-rc4 3.0.8-rc4.x
rubyonrails / rails 3.0.8 3.0.8.x
rubyonrails / rails 3.0.9-rc1 3.0.9-rc1.x
rubyonrails / rails 3.0.9-rc2 3.0.9-rc2.x
rubyonrails / rails 3.0.9-rc3 3.0.9-rc3.x
rubyonrails / rails 3.0.9-rc4 3.0.9-rc4.x
rubyonrails / rails 3.0.9 3.0.9.x
rubyonrails / rails 3.0.9-rc5 3.0.9-rc5.x
rubyonrails / rails 3.1.0-beta1 3.1.0-beta1.x
rubyonrails / rails 3.1.0-rc1 3.1.0-rc1.x
rubyonrails / rails 3.1.0-rc2 3.1.0-rc2.x
rubyonrails / rails 3.1.0-rc3 3.1.0-rc3.x
rubyonrails / rails 3.1.0-rc4 3.1.0-rc4.x
rubyonrails / rails 3.1.0-rc5 3.1.0-rc5.x
rubyonrails / rails 3.1.0-rc6 3.1.0-rc6.x
rubyonrails / rails 3.1.0-rc7 3.1.0-rc7.x
rubyonrails / rails 3.1.0 3.1.0.x
rubyonrails / rails 3.1.0-rc8 3.1.0-rc8.x
rubyonrails / rails 3.1.1-rc1 3.1.1-rc1.x
rubyonrails / rails 3.1.1-rc2 3.1.1-rc2.x
rubyonrails / rails 3.1.1 3.1.1.x
rubyonrails / rails 3.1.1-rc3 3.1.1-rc3.x
rubyonrails / rails 3.1.2-rc1 3.1.2-rc1.x
rubyonrails / rails 3.1.2-rc2 3.1.2-rc2.x
rubyonrails / rails 3.1.2 3.1.2.x
rubyonrails / rails 3.1.4 3.1.4.x
rubyonrails / rails 3.1.4-rc1 3.1.4-rc1.x
rubyonrails / rails 3.1.5 3.1.5.x
rubyonrails / rails 3.1.5-rc1 3.1.5-rc1.x
rubyonrails / rails 3.1.3 3.1.3.x
rubyonrails / rails 3.2.0-rc1 3.2.0-rc1.x
rubyonrails / rails 3.2.0-rc2 3.2.0-rc2.x
rubyonrails / rails 3.2.0 3.2.0.x
rubyonrails / rails 3.2.1 3.2.1.x
rubyonrails / rails 3.2.5 3.2.5.x
rubyonrails / rails 3.2.2-rc1 3.2.2-rc1.x
rubyonrails / rails 3.2.2 3.2.2.x
rubyonrails / rails 3.2.3-rc1 3.2.3-rc1.x
rubyonrails / rails 3.2.3 3.2.3.x
rubyonrails / rails 3.2.3-rc2 3.2.3-rc2.x
rubyonrails / rails 3.2.4 3.2.4.x
rubyonrails / rails 3.2.4-rc1 3.2.4-rc1.x
activerecord - 3.0.14
activerecord 3.1.0 3.1.6
activerecord 3.2.0 3.2.6