{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "92434", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92434"}, {"name": "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"}, {"name": "RHSA-2016:1855", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"name": "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/WccgKSKiPZA"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6317", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92434", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92434"}, {"name": "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"}, {"name": "RHSA-2016:1855", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"name": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "refsource": "CONFIRM", "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"name": "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", "refsource": "MLIST", "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:18.444Z"}, "title": "CVE Program Container", "references": [{"name": "92434", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92434"}, {"name": "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"}, {"name": "RHSA-2016:1855", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"name": "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/WccgKSKiPZA"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6317", "datePublished": "2016-09-07T19:00:00.000Z", "dateReserved": "2016-07-26T00:00:00.000Z", "dateUpdated": "2024-08-06T01:29:18.444Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A68D41F-36A9-4B77-814D-996F4E48FA79", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "709A19A5-8FD1-4F9C-A38C-F06242A94D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8104482C-E8F5-40A7-8B27-234FEF725FD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "2CFF8677-EA00-4F7E-BFF9-272482206DB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8D7DF5CD-DA28-492D-B5EE-D252ECCC8D96", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "85435026-9855-4BF4-A436-832628B005FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "56C2308F-A590-47B0-9791-7865D189196F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A266882-DABA-4A4C-88E6-60E993EE0947", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "83F1142C-3BFB-4B72-A033-81E20DB19D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1FA738A1-227B-4665-B65E-666883FFAE96", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "6F00718C-A9E8-4E85-8DA6-33BF11F2DCCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "10789A2D-6401-4119-BFBE-2EE4C16216D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "70ABD462-7142-4831-8EB6-801EC1D05573", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "81D717DB-7C80-48AA-A774-E291D2E75D6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "06B357FB-0307-4EFA-9C5B-3C2CDEA48584", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "E4BD8840-0F1C-49D3-B843-9CFE64948018", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "79D5B492-43F9-470F-BD21-6EFD93E78453", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "4EC1F602-D48C-458A-A063-4050BE3BB25F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6A1C015-56AD-489C-B301-68CF1DBF1BEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "FD191625-ACE2-46B6-9AAD-12D682C732C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "02C7DB56-267B-4057-A9BA-36D1E58C6282", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC163D49-691B-4125-A983-6CF6F6D86DEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B537D1-1584-4D15-9C75-08ED4D45DC3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "6A19315C-9A9D-45FE-81C8-074744825B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E3B4233-E117-4E77-A60D-3DFD5073154D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "392CF25B-8400-4185-863F-D6353B664FB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "3037282A-863A-4C92-A40C-4D436D2621C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155."}, {"lang": "es", "value": "Action Record en Ruby en Rails 4.2.x en versiones anteriores a 4.2.7.1 no considera adecuadamente las diferencias en en el manejo de par\u00e1metros entre el componente Active Record y la implementaci\u00f3n de JSON, lo que permite a atacantes remotos eludir restricciones destinadas a la consulta de base de datos y realizar comprobaciones NULL o desencadenar clausulas perdidas WHERE a trav\u00e9s de un solicitud manipulada, como se demuestra por ciertos valores \"[nil]\", un problema relacionado con CVE-2012-2660, CVE-2012-2694 y CVE-2013-0155."}], "id": "CVE-2016-6317", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-07T19:28:11.410", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/92434"}, {"source": "secalert@redhat.com", "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/WccgKSKiPZA"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/WccgKSKiPZA"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges joernchen (Phenoelit) as the original reporter.", "affected_release": [{"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionpack-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionview-0:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-activerecord-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionpack-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionview-0:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-activerecord-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionpack-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionview-0:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-activerecord-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}], "bugzilla": {"description": "rubygem-activerecord: unsafe query generation in Active Record", "id": "1365017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365017"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.", "A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application."], "name": "CVE-2016-6317", "package_state": [{"cpe": "cpe:/a:redhat:openstack-installer:5", "fix_state": "Not affected", "package_name": "ruby193-rubygem-activerecord", "product_name": "OpenStack Foreman"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-ror41-rubygem-activerecord", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "ror40-rubygem-activerecord", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "ruby193-rubygem-activerecord", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "ruby193-rubygem-activerecord", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "rubygem-activerecord", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2016-08-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6317\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6317\nhttps://groups.google.com/forum/#!msg/rubyonrails-security/rgO20zYW33s/gmamLa-wDAAJ"], "threat_severity": "Moderate"}

{}