N/A

CVSS Score

Basic Information

CVE ID

CVE-2012-2694

GHSA ID

GHSA-q34c-48gc-m9g8

EPSS Score

0.54906%

CWE

Published

10/24/2017

Updated

1/20/2025

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2012-2694

CVE-2012-2694: actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain ['xyz', nil] values, a related issue to CVE-2012-2660.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2012-2694

GHSA ID

GHSA-q34c-48gc-m9g8

EPSS Score

0.54906%

CWE

Published

10/24/2017

Updated

1/20/2025

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
actionpack	rubygems	>= 3.1.0, < 3.1.6	3.1.6
actionpack	rubygems	>= 3.2.0, < 3.2.6	3.2.6
actionpack	rubygems	>= 3.0.13, < 3.0.14	3.0.14

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the order of operations in the deep_munge method. Pre-patch, it processed nested structures first and then removed [nil] values. This allowed arrays with nil elements to persist during parameter parsing. The fix (2f3bc04) moved the [nil] key removal to the start of the method and added v.compact! to sanitize arrays, directly addressing the bypass. The CVE description explicitly references parameter handling discrepancies between Rack and Active Record, which this function mediates.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`**tionp**k/li*/**tion_*isp*t**/*ttp/r*qu*st.r*` in Ru*y on R*ils ***or* *.*.**, *.*.x ***or* *.*.*, *n* *.*.x ***or* *.*.* *o*s not prop*rly *onsi**r *i***r*n**s in p*r*m*t*r **n*lin* **tw**n t** **tiv* R**or* *ompon*nt *n* t** R**k int*r****, w*i**

Reasoning

T** vuln*r**ility st*ms *rom t** or**r o* op*r*tions in t** ***p_mun** m*t*o*. Pr*-p*t**, it pro**ss** n*st** stru*tur*s *irst *n* t**n r*mov** [nil] v*lu*s. T*is *llow** *rr*ys wit* nil *l*m*nts to p*rsist *urin* p*r*m*t*r p*rsin*. T** *ix (*******)

N/A

Basic Information

Concerned about an active attack path?

CVE-2012-2694: actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI