6.4

CVSS Score

Basic Information

CVE ID

CVE-2013-0155

GHSA ID

GHSA-gppp-5xc5-wfpx

EPSS Score

0.93217%

CWE

CWE-284

Published

10/24/2017

Updated

8/25/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-0155

CVE-2013-0155: Active Record allows bypassing of database-query restrictions

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.

(GitHub Advisory)

6.4

CVSS Score

Basic Information

CVE ID

CVE-2013-0155

GHSA ID

GHSA-gppp-5xc5-wfpx

EPSS Score

0.93217%

CWE

CWE-284

Published

10/24/2017

Updated

8/25/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
activerecord	rubygems	>= 3.0.0, < 3.0.19	3.0.19
activerecord	rubygems	>= 3.1.0, < 3.1.10	3.1.10
activerecord	rubygems	>= 3.2.0, < 3.2.11	3.2.11

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how Active Record processes parameters for query generation. Key functions like where and find_by handle user input without properly sanitizing arrays containing nil values. The PredicateBuilder's build_from_hash method is directly responsible for converting parameters into SQL conditions, and its failure to handle [nil] arrays results in unsafe queries. These functions appear in stack traces when processing malicious parameters, making them critical runtime indicators.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Ru*y on R*ils *.*.x ***or* *.*.**, *.*.x ***or* *.*.**, *n* *.*.x ***or* *.*.** *o*s not prop*rly *onsi**r *i***r*n**s in p*r*m*t*r **n*lin* **tw**n t** **tiv* R**or* *ompon*nt *n* t** JSON impl*m*nt*tion, w*i** *llows r*mot* *tt**k*rs to *yp*ss int*

Reasoning

T** vuln*r**ility st*ms *rom *ow **tiv* R**or* pro**ss*s p*r*m*t*rs *or qu*ry **n*r*tion. K*y *un*tions lik* `w**r*` *n* `*in*_*y` **n*l* us*r input wit*out prop*rly s*nitizin* *rr*ys *ont*inin* nil v*lu*s. T** Pr**i**t**uil**r's `*uil*_*rom_**s*` m*

6.4

Basic Information

Concerned about an active attack path?

CVE-2013-0155: Active Record allows bypassing of database-query restrictions

6.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI