WID-SEC-W-2022-0662

Affected Products

Exploit Intelligence

• ooooooo-q/cve-2022-32224-rails (github-poc)
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HY4OG4XVEU3VJA7BHFONYS4OFAKMFV4J/ (circl)
• https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0662.json (circl)
• https://rubyonrails.org/2022/7/12/Rails-Versions-7-0-3-1-6-1-6-1-6-0-5-1-and-5-2-8-1-have-been-released (circl)
• https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html (circl)
• https://access.redhat.com/errata/RHSA-2023:0261 (circl)
• https://access.redhat.com/errata/RHSA-2023:1151 (circl)
• https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 (circl)
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0662 (circl)
• https://security.gentoo.org/glsa/202408-24 (circl)

…and 6 more exploits

Timeline

• Jul 12, 2022 CVE Published
• May 18, 2025 CVE Updated
• Apr 3, 2026 Distribution Patch
• Apr 3, 2026 Distribution Patch

References

• https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0662.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0662 advisory
• https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 url
• https://rubyonrails.org/2022/7/12/Rails-Versions-7-0-3-1-6-1-6-1-6-0-5-1-and-5-2-8-1-have-been-released url
• https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html url
• https://access.redhat.com/errata/RHSA-2023:0261 url
• https://access.redhat.com/errata/RHSA-2023:1151 url
• https://security.gentoo.org/glsa/202408-24 url
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HY4OG4XVEU3VJA7BHFONYS4OFAKMFV4J/ url