Bugzilla: 831581: CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
The MITRE CVE dictionary describes this issue as:
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
Red Hat security errata
| Platform | Erratum | Release date |
|---|---|---|
| CloudForms System Engine for RHEL 6 Server | RHSA-2012:1542 | December 04, 2012 |
| Red Hat OpenShift Enterprise Client Tools | RHSA-2013:0582 | February 28, 2013 |
| Red Hat Subscription Asset Manager for RHEL 6 Server | RHSA-2013:0154 | January 10, 2013 |
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.