Skip to content

Commit

Permalink
Improve GHSA-gh2w-j7cx-2664
Browse files Browse the repository at this point in the history
  • Loading branch information
@levpachmanov
levpachmanov committed Jan 21, 2025
1 parent c3c5b27 commit 10521df
Showing 1 changed file with 12 additions and 13 deletions.
25 changes: 12 additions & 13 deletions advisories/github-reviewed/2017/10/GHSA-gh2w-j7cx-2664/GHSA-gh2w-j7cx-2664.json
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
{
"schema_version": "1.4.0",
"id": "GHSA-gh2w-j7cx-2664",
"modified": "2025-01-21T15:26:26Z",
"modified": "2025-01-21T15:26:27Z",
"published": "2017-10-24T18:33:37Z",
"aliases": [
"CVE-2012-6496"
],
"summary": "Active Record contains SQL Injection",
"details": "SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.",
"severity": [],
"severity": [

],
"affected": [
{
"package": {
Expand All @@ -20,10 +22,10 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "3.0.0.beta"
"introduced": "3.1.0"
},
{
"fixed": "3.0.18"
"fixed": "3.1.9"
}
]
}
Expand All @@ -39,10 +41,10 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "3.1.0"
"introduced": "3.2.0"
},
{
"fixed": "3.1.9"
"fixed": "3.2.10"
}
]
}
Expand All @@ -58,10 +60,10 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "3.2.0"
"introduced": "3.0.0.beta"
},
{
"fixed": "3.2.10"
"fixed": "3.0.18"
}
]
}
Expand All @@ -80,14 +82,11 @@
"introduced": "0"
},
{
"fixed": "3.0.18"
"fixed": "2.3.15"
}
]
}
],
"database_specific": {
"last_known_affected_version_range": "< 2.3.15"
}
]
}
],
"references": [
Expand Down

0 comments on commit 10521df

Please sign in to comment.