actionpack allows bypass of database-query restrictions
Moderate severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Aug 25, 2023
Package
Affected versions
>= 3.0.0, < 3.2.16
>= 4.0.0, < 4.0.2
Patched versions
3.2.16
4.0.2
Description
Published by the National Vulnerability Database
Dec 7, 2013
Published to the GitHub Advisory Database
Oct 24, 2017
Reviewed
Jun 16, 2020
Last updated
Aug 25, 2023
actionpack/lib/action_dispatch/http/request.rb
in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.References