| CVE-2013-0277 |
critical |
— |
10.0 |
|
|
|
14y ago |
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +seria… |
| CVE-2022-32224 |
critical |
9.8 |
9.8 |
|
|
|
4y ago |
Active Record RCE bug with Serialized Columns |
| CVE-2014-0080 |
medium |
— |
6.8 |
|
|
|
13y ago |
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, al… |
| CVE-2010-3933 |
medium |
— |
6.4 |
|
|
|
9y ago |
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. |
| CVE-2012-2660 |
medium |
— |
6.4 |
|
|
|
9y ago |
Action Pack contains database-query restrictions bypass |
| CVE-2013-3221 |
medium |
— |
6.4 |
|
|
|
13y ago |
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored value… |
| CVE-2013-0155 |
medium |
— |
6.4 |
|
|
|
14y ago |
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implement… |
| CVE-2015-7577 |
medium |
5.3 |
5.3 |
|
|
|
11y ago |
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta… |
| CVE-2013-1854 |
medium |
— |
5.0 |
|
|
|
13y ago |
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attack… |
| CVE-2012-2661 |
medium |
— |
5.0 |
|
|
|
14y ago |
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco… |
| CVE-2013-0276 |
medium |
— |
4.3 |
|
|
|
14y ago |
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attribut… |
