Red Hat Customer Portal

CVE-2012-5664

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6496, CVE-2012-6497. Reason: this candidate was intended for one issue, but the candidate was publicly used to label concerns about multiple products. Notes: All CVE users should consult CVE-2012-6496 and CVE-2012-6497 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Details Source: Mitre

Public Date: 2012-12-21 00:00:00

Impact: Moderate

Bugzilla: CVE-2012-6496 rubygem-activerecord: find_by_* SQL Injection

Bugzilla ID: 889649

CVSS Status: draft

Base Score: 6.40

Base Metrics: AV:N/AC:L/Au:N/C:N/I:P/A:P

External References: http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html

CWE: CWE-89

Affected Packages State

Platform | Package | State
Red Hat Subscription Asset Manager 1 | rubygem-activerecord | Affected
Red Hat OpenShift Enterprise 1 | ruby-rubygem-activerecord | Affected
Red Hat OpenShift Enterprise 1 | ruby193-rubygem-activerecord | Affected
Red Hat CloudForms Tools 1 | rubygem-activerecord | Will not fix