Max CVSS | 7.5 | Min CVSS | 6.4 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-0156 | 7.5 |
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection
|
13-02-2023 - 00:27 | 13-01-2013 - 22:55 | |
CVE-2012-6496 | 7.5 |
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior o
|
08-08-2019 - 15:42 | 04-01-2013 - 04:46 | |
CVE-2013-0155 | 6.4 |
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass inte
|
08-08-2019 - 15:42 | 13-01-2013 - 22:55 |