-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| activerecord | rubygems | >= 3.0.0, < 3.0.19 | 3.0.19 |
| activerecord | rubygems | >= 3.1.0, < 3.1.10 | 3.1.10 |
| activerecord | rubygems | >= 3.2.0, < 3.2.11 | 3.2.11 |
RubyRubyMiggo AIRoot Cause AnalysisThe vulnerability stems from how Active Record processes parameters for query generation. Key functions like where and find_by handle user input without properly sanitizing arrays containing nil values. The PredicateBuilder's build_from_hash method is directly responsible for converting parameters into SQL conditions, and its failure to handle [nil] arrays results in unsafe queries. These functions appear in stack traces when processing malicious parameters, making them critical runtime indicators.
Ongoing coverage of React2Shell