N/A

CVSS Score

Basic Information

CVE ID

CVE-2012-2660

GHSA ID

GHSA-hgpp-pp89-4fgf

EPSS Score

0.63223%

CWE

CWE-284

Published

10/24/2017

Updated

1/22/2025

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2012-2660

CVE-2012-2660: Action Pack contains database-query restrictions bypass

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain [nil] values, a related issue to CVE-2012-2694.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2012-2660

GHSA ID

GHSA-hgpp-pp89-4fgf

EPSS Score

0.63223%

CWE

CWE-284

Published

10/24/2017

Updated

1/22/2025

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
actionpack	rubygems	>= 3.1.0, < 3.1.5	3.1.5
actionpack	rubygems	>= 3.2.0, < 3.2.4	3.2.4
actionpack	rubygems	>= 3.0.0.beta, < 3.0.13	3.0.13
actionpack	rubygems	< 2.3.16	2.3.16

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from parameter parsing differences between Rack and Active Record. The commit 61eed87 introduced deep_munge to sanitize parameters by replacing [nil] with nil. In vulnerable versions, parse_query (called during request parameter processing) lacked this sanitization, allowing crafted [nil] values to propagate through parameter handling. This mismatch enabled attackers to inject NULL checks via array-wrapped nil parameters. The file path in the CVE description and the patched method's location confirm this analysis.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`**tionp**k/li*/**tion_*isp*t**/*ttp/r*qu*st.r*` in Ru*y on R*ils ***or* *.*.**, *.*.x ***or* *.*.**, *.*.x ***or* *.*.*, *n* *.*.x ***or* *.*.* *o*s not prop*rly *onsi**r *i***r*n**s in p*r*m*t*r **n*lin* **tw**n t** **tiv* R**or* *ompon*nt *n* t**

Reasoning

T** vuln*r**ility st*ms *rom p*r*m*t*r p*rsin* *i***r*n**s **tw**n R**k *n* **tiv* R**or*. T** *ommit ******* intro*u*** ***p_mun** to s*nitiz* p*r*m*t*rs *y r*pl**in* [nil] wit* nil. In vuln*r**l* v*rsions, p*rs*_qu*ry (**ll** *urin* r*qu*st p*r*m*t

N/A

Basic Information

Concerned about an active attack path?

CVE-2012-2660: Action Pack contains database-query restrictions bypass

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI