CVE-2012-2660: Action Pack contains database-query restrictions bypass
N/A
CVSS Score
Basic Information
CVE ID
GHSA ID
EPSS Score
0.63223%
CWE
Published
10/24/2017
Updated
1/22/2025
KEV Status
No
Technology
Ruby
Technical Details
CVSS Vector
-
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
actionpack | rubygems | >= 3.1.0, < 3.1.5 | 3.1.5 |
actionpack | rubygems | >= 3.2.0, < 3.2.4 | 3.2.4 |
actionpack | rubygems | >= 3.0.0.beta, < 3.0.13 | 3.0.13 |
actionpack | rubygems | < 2.3.16 | 2.3.16 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from parameter parsing differences between Rack and Active Record. The commit 61eed87 introduced deep_munge to sanitize parameters by replacing [nil] with nil. In vulnerable versions, parse_query (called during request parameter processing) lacked this sanitization, allowing crafted [nil] values to propagate through parameter handling. This mismatch enabled attackers to inject NULL checks via array-wrapped nil parameters. The file path in the CVE description and the patched method's location confirm this analysis.