7.5

CVSS Score

Basic Information

CVE ID

CVE-2012-2695

GHSA ID

GHSA-76wq-xw4h-f8wj

EPSS Score

0.69617%

CWE

CWE-89

Published

10/24/2017

Updated

1/21/2025

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2012-2695

CVE-2012-2695:
activerecord vulnerable to SQL Injection

The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.

(GitHub Advisory)

7.5

CVSS Score

Basic Information

CVE ID

CVE-2012-2695

GHSA ID

GHSA-76wq-xw4h-f8wj

EPSS Score

0.69617%

CWE

CWE-89

Published

10/24/2017

Updated

1/21/2025

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
activerecord	rubygems	>= 3.1.0, < 3.1.6	3.1.6
activerecord	rubygems	>= 3.2.0, < 3.2.6	3.2.6
activerecord	rubygems	>= 3.0.0.beta, < 3.0.14	3.0.14
activerecord	rubygems	< 2.3.15	2.3.15

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The GitHub commit shows critical modifications to sanitize_sql_hash_for_conditions where a 'top_level' parameter was added and nested hash processing was restricted. The original implementation allowed arbitrary nested hash processing (via recursive calls) which could be exploited to inject SQL fragments. The added 'raise ActiveRecord::StatementInvalid' in non-top-level nested cases and test cases validating this behavior confirm this was the attack vector. The CVE description explicitly references improper handling of nested hashes in ActiveRecord's where method implementation, which maps directly to this function's responsibility for processing query conditions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** **tiv* R**or* *ompon*nt in Ru*y on R*ils **or* *.*.**, *.*.x ***or* *.*.**, *.*.x ***or* *.*.*, *n* *.*.x ***or* *.*.* *o*s not prop*rly impl*m*nt t** p*ssin* o* r*qu*st **t* to * w**r* m*t*o* in *n **tiv*R**or* *l*ss, w*i** *llows r*mot* *tt**k*

Reasoning

T** *it*u* *ommit s*ows *riti**l mo*i*i**tions to s*nitiz*_sql_**s*_*or_*on*itions w**r* * 'top_l*v*l' p*r*m*t*r w*s ***** *n* n*st** **s* pro**ssin* w*s r*stri*t**. T** ori*in*l impl*m*nt*tion *llow** *r*itr*ry n*st** **s* pro**ssin* (vi* r**ursiv*

7.5

Basic Information

Concerned about an active attack path?

CVE-2012-2695: activerecord vulnerable to SQL Injection

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2012-2695:
activerecord vulnerable to SQL Injection

Vulnerability Intelligence
Miggo AI