Moderate severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish.

Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

Published: Aug 13, 2018
Updated: Apr 14, 2023
GHSA: GHSA-m8h6-m9p5-p2f8
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
activerecord	4.2.0	4.2.7.1

No references available.

Vulnerability Database

289,697

Moderate severity vulnerability that affects activerecord