CVE-2016-6317

HIGH

Ruby on Rails 4.2.x <4.2.7.1 - Info Disclosure

Title source: llm

Description

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

Exploits (1)

nomisec STUB

by kavgan · poc

https://github.com/kavgan/vuln_test_repo_public_ruby_gemfile_cve-2016-6317

View Code ZIP pw:eip

References (5)

[Mailing List] https://groups.google.com/forum/#%21topic/ruby-security-ann/WccgKSKiPZA

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-1855.html

[Release Notes] http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/08/11/4

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92434

Scores

CVSS v3 7.5

EPSS 0.0038

EPSS Percentile 59.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-284 CWE-476

Status published

Products (11)

rubygems/activerecord 4.2.0 - 4.2.7.1RubyGems

rubyonrails/rails 4.2.0 (8 CPE variants)

rubyonrails/rails 4.2.1 (5 CPE variants)

rubyonrails/rails 4.2.2

rubyonrails/rails 4.2.3 (2 CPE variants)

rubyonrails/rails 4.2.4 (2 CPE variants)

rubyonrails/rails 4.2.5 (3 CPE variants)

rubyonrails/rails 4.2.5.1

rubyonrails/rails 4.2.5.2

rubyonrails/rails 4.2.6 (2 CPE variants)

... and 1 more

Published Sep 07, 2016

Tracked Since Feb 18, 2026