CVE-2012-2660: Action Pack contains database-query restrictions bypass

CVSS Score
N/A

Basic Information

EPSS Score
0.63223%
Published
10/24/2017
Updated
1/22/2025
KEV Status
No
Technology
Ruby

Technical Details

CVSS Vector
-
Package Name | Ecosystem | Vulnerable Versions     | First Patched Version
actionpack   | rubygems  | >= 3.1.0, < 3.1.5       | 3.1.5
actionpack   | rubygems  | >= 3.2.0, < 3.2.4       | 3.2.4
actionpack   | rubygems  | >= 3.0.0.beta, < 3.0.13 | 3.0.13
actionpack   | rubygems  | < 2.3.16                | 2.3.16

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from parameter parsing differences between Rack and Active Record. The commit 61eed87 introduced deep_munge to sanitize parameters by replacing [nil] with nil. In vulnerable versions, parse_query (called during request parameter processing) lacked this sanitization, allowing crafted [nil] values to propagate through parameter handling. This mismatch enabled attackers to inject NULL checks via array-wrapped nil parameters. The file path in the CVE description and the patched method's location confirm this analysis.
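The following Ruby script is an added illustration of the root cause described above; it is not code from this page or from Rails. `deep_munge` is a reimplementation modelled on the fix as described (collapsing `[nil]` to `nil`), `sql_condition` is a toy stand-in for the Active Record behaviour that renders a nil, or an array holding only nil, as `IS NULL`, and the parameter hashes are constructed to match what a query parser yields for `?token=abc` versus the crafted `?token[]`.

```ruby
# Reimplementation of the deep_munge sanitiser (assumption: modelled on the
# fix described above, not the Rails source). Any key whose value is exactly
# [nil] becomes nil, recursing through nested hashes and arrays of hashes.
def deep_munge(hash)
  hash.each_value do |v|
    case v
    when Array then v.grep(Hash) { |h| deep_munge(h) }
    when Hash  then deep_munge(v)
    end
  end
  hash.keys.each { |k| hash[k] = nil if hash[k] == [nil] }
  hash
end

# Toy stand-in for the Active Record behaviour at issue (not a real quoter):
# nil, or an array containing only nil, becomes an IS NULL predicate;
# any other array becomes an IN list; a scalar becomes an equality test.
def sql_condition(column, value)
  quote = ->(x) { "'#{x.to_s.gsub("'", "''")}'" }
  case value
  when nil then "#{column} IS NULL"
  when Array
    present = value.compact
    present.empty? ? "#{column} IS NULL" : "#{column} IN (#{present.map(&quote).join(', ')})"
  else "#{column} = #{quote.call(value)}"
  end
end

# A typical guarded lookup: a missing token must be rejected before querying.
# Without sanitisation, [nil] is not nil, so the guard passes and the query
# degenerates into "token IS NULL", matching every row with no token set.
def find_by_token(params, sanitize:)
  params = deep_munge(params) if sanitize
  token = params['token']
  return :rejected if token.nil?
  sql_condition('token', token)
end

# Constructed inputs: what the query parser yields for "?token=abc" and for
# the crafted "?token[]" (an array holding a single nil).
NORMAL_PARAMS  = { 'token' => 'abc' }
CRAFTED_PARAMS = { 'token' => [nil] }

if __FILE__ == $0
  puts find_by_token(NORMAL_PARAMS.dup, sanitize: false)   # token = 'abc'
  puts find_by_token(CRAFTED_PARAMS.dup, sanitize: false)  # token IS NULL (guard bypassed)
  puts find_by_token(CRAFTED_PARAMS.dup, sanitize: true)   # rejected
end
```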
