CVE-2013-1854: Active Record Improper Input Validation

CVSS Score: N/A

Basic Information

EPSS Score: 0.81963%
Published: 10/24/2017
Updated: 8/25/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: -

Package Name    Ecosystem    Vulnerable Versions     First Patched Version
activerecord    rubygems     >= 2.3.0, < 2.3.18      2.3.18
activerecord    rubygems     >= 3.1.0, < 3.1.12      3.1.12
activerecord    rubygems     >= 3.2.0, < 3.2.13      3.2.13

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from Active Record's handling of hash keys in its query-building methods. Methods such as 'where' accept a conditions hash, which in affected versions was passed through internal helpers like sanitize_sql_hash_for_conditions that converted every key from a string to a symbol. When that hash comes straight from request parameters, the attacker chooses the key names. On the Ruby versions contemporary with these Rails releases (before Ruby 2.2 introduced symbol garbage collection), every dynamically created symbol lives for the life of the process, so a stream of requests carrying unique, never-repeated key names grows the symbol table without bound until the process exhausts memory. The fix shipped in 2.3.18, 3.1.12 and 3.2.13 (the attribute_symbols patches, e.g. 3-2-attribute_symbols.patch) changes these helpers to keep attribute names as strings while comparing them against the model's known columns, so untrusted input no longer drives symbol creation.
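The following is an added example, not Rails code and not part of this page's source. It reproduces the two sides of the issue described above in plain Ruby: a helper that symbolizes whatever keys it is handed (the pattern the vulnerable Active Record helpers followed) beside a hardened helper that compares keys as strings against a fixed allowlist of column names and only then symbolizes them. The allowlist, the attacker key names and the request simulation are all constructed for the example; the measurement uses Symbol.all_symbols, so on Ruby 2.2 and later the count reflects symbols still referenced rather than a permanent leak.

```ruby
# Added example (not part of Rails or of the original page).
# Demonstrates why symbolizing attacker-controlled hash keys is dangerous and
# how an allowlist of column names removes the attacker's control.

# Constructed allowlist standing in for a model's column names.
ALLOWED_COLUMNS = %w[id title author_id created_at].freeze

# Vulnerable pattern: every key is converted with to_sym, so each unique
# attacker-chosen key interns a brand-new symbol (never freed before Ruby 2.2).
def symbolize_conditions_unsafe(conditions)
  conditions.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
end

# Hardened pattern: compare as strings against known columns first, so only
# names the application already knows about ever reach to_sym.
def symbolize_conditions_safe(conditions, allowed = ALLOWED_COLUMNS)
  conditions.each_with_object({}) do |(k, v), h|
    key = k.to_s
    raise ArgumentError, "unknown column: #{key.inspect}" unless allowed.include?(key)
    h[key.to_sym] = v
  end
end

# Number of symbols that exist after the block runs but did not exist before.
# A full GC first removes already-dead dynamic symbols so they do not skew the count.
def new_symbols_created
  GC.start
  before = Symbol.all_symbols.size
  yield
  Symbol.all_symbols.size - before
end

# Constructed input: n requests, each carrying one unique key name, standing in
# for a conditions hash built from request parameters (e.g. where(params[:post])).
def attacker_keys(n)
  Array.new(n) { |i| { "injected_key_#{i}" => 1 } }
end

# Run each request through the named helper and report how many symbols it interned.
# Results are kept alive so the symbols they reference cannot be collected mid-run.
def symbols_interned_by(method_name, n)
  inputs = attacker_keys(n)
  results = []
  new_symbols_created do
    inputs.each do |h|
      begin
        results << send(method_name, h)
      rescue ArgumentError
        results << nil # rejected by the allowlist
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe helper interned #{symbols_interned_by(:symbolize_conditions_unsafe, 200)} symbols"
  puts "safe helper interned   #{symbols_interned_by(:symbolize_conditions_safe, 200)} symbols"
  p symbolize_conditions_safe("title" => "hello") # legitimate key still works
end
```

Running the script shows the unsafe helper interning one symbol per request while the hardened helper interns none for the same input and still accepts a legitimate column name; the allowlist check is the property the patched Active Record helpers restore.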


WAF Protection Rules

WAF Rule

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input
