VDB

RHSA-2013%3A0155

RHSA-2013%3A0155 PUBLISHED CVSS 6.400000095367432 MEDIUM

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.

Risk Scores

CVSS 2.0
6.400000095367432

Affected Products

VendorProductVersions
Red Hatrubygem-actionpack-1:3.0.10-11.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-actionpack-1:3.0.10-11.el6cf.src
Red Hatrubygem-activerecord-1:3.0.10-8.el6cf.src as a component of CloudForms System Engine for RHEL 6 Serverrubygem-activerecord-1:3.0.10-8.el6cf.src
Red Hatrubygem-activerecord-1:3.0.10-8.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-activerecord-1:3.0.10-8.el6cf.src
Red Hatrubygem-activesupport-1:3.0.10-5.el6cf.src as a component of CloudForms System Engine for RHEL 6 Serverrubygem-activesupport-1:3.0.10-5.el6cf.src
Red Hatrubygem-actionpack-1:3.0.10-11.el6cf.src as a component of CloudForms System Engine for RHEL 6 Serverrubygem-actionpack-1:3.0.10-11.el6cf.src
Red Hatrubygem-actionpack-1:3.0.10-11.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server*
Red Hatrubygem-actionpack-1:3.0.10-11.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-actionpack-1:3.0.10-11.el6cf.noarch
Red Hatrubygem-activerecord-1:3.0.10-8.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Serverrubygem-activerecord-1:3.0.10-8.el6cf.noarch
Red Hatrubygem-activesupport-1:3.0.10-5.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Serverrubygem-activesupport-1:3.0.10-5.el6cf.noarch
Red Hatrubygem-activerecord-1:3.0.10-8.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server*
Red Hatrubygem-activesupport-1:3.0.10-5.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server*
Red Hatrubygem-activesupport-1:3.0.10-5.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-activesupport-1:3.0.10-5.el6cf.src

Timeline

  • Jan 10, 2013 CVE Published
  • Jan 14, 2013 PoC Published
  • Apr 25, 2013 PoC Published
  • May 27, 2014 PoC Published
  • May 14, 2016 PoC Published
  • Mar 20, 2020 PoC Published
  • Mar 27, 2026 CVE Updated
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›