{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32224", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "dateUpdated": "2024-08-03T07:32:56.015Z", "dateReserved": "2022-06-01T00:00:00", "datePublished": "2022-12-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2022-12-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE."}], "affected": [{"vendor": "n/a", "product": "https://github.com/rails/rails", "versions": [{"version": "7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1", "status": "affected"}]}], "references": [{"url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j"}, {"url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Deserialization of Untrusted Data (CWE-502)", "cweId": "CWE-502"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:56.015Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "49ED831D-395F-4B7C-8388-F5444C2791EC", "versionEndExcluding": "5.2.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "C20A0930-5A11-441C-AD56-1605DA61A2EF", "versionEndExcluding": "6.0.5.1", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "05750DC8-484A-4C65-91C2-400C4EFA839F", "versionEndExcluding": "6.1.6.1", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "A3B8830F-EBB1-4EAC-A828-921F79D55765", "versionEndExcluding": "7.0.3.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE."}, {"lang": "es", "value": "Existe una posible escalada a la vulnerabilidad RCE cuando se utilizan columnas serializadas YAML en Active Record &lt; 7.0.3.1, &lt;6.1.6.1, &lt;6.0.5.1 y &lt;5.2.8.1, lo que podr\u00eda permitir a un atacante, que puede manipular datos en la base de datos (a trav\u00e9s de medios como la inyecci\u00f3n SQL), la capacidad de escalar a un RCE."}], "id": "CVE-2022-32224", "lastModified": "2024-11-21T07:05:57.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-05T22:15:10.397", "references": [{"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:1151", "cpe": "cpe:/a:redhat:satellite:6.11::el7", "impact": "important", "package": "tfm-rubygem-activerecord-0:6.0.6-2.el7sat", "product_name": "Red Hat Satellite 6.11 for RHEL 7", "release_date": "2023-03-07T00:00:00Z"}, {"advisory": "RHSA-2023:1151", "cpe": "cpe:/a:redhat:satellite:6.11::el8", "impact": "important", "package": "rubygem-activerecord-0:6.0.6-2.el8sat", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2023-03-07T00:00:00Z"}, {"advisory": "RHSA-2023:0261", "cpe": "cpe:/a:redhat:satellite:6.12::el8", "impact": "important", "package": "rubygem-activerecord-0:6.0.6-2.el8sat", "product_name": "Red Hat Satellite 6.12 for RHEL 8", "release_date": "2023-01-18T00:00:00Z"}, {"advisory": "RHSA-2023:2097", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "impact": "important", "package": "rubygem-activerecord-0:6.1.7-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-05-03T00:00:00Z"}], "bugzilla": {"description": "activerecord: Possible RCE escalation bug with Serialized Columns in Active Record", "id": "2108997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-94", "details": ["A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.", "An insecure deserialization flaw was found in Active Record, which uses YAML.unsafe_load to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution (RCE), resulting in complete system compromise."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2022-32224", "public_date": "2022-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-32224\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32224\nhttps://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017"], "threat_severity": "Critical", "upstream_fix": "rubygem-activerecord 7.0.3.1, rubygem-activerecord 6.1.6.1, rubygem-activerecord 6.0.5.1, rubygem-activerecord 5.2.8.1"}