6.4

CVSS Score

Basic Information

CVE ID

CVE-2013-6417

GHSA ID

GHSA-wpw7-wxjm-cw8r

EPSS Score

0.65522%

CWE

CWE-284

Published

10/24/2017

Updated

8/25/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-6417

CVE-2013-6417: actionpack allows bypass of database-query restrictions

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.

(GitHub Advisory)

6.4

CVSS Score

Basic Information

CVE ID

CVE-2013-6417

GHSA ID

GHSA-wpw7-wxjm-cw8r

EPSS Score

0.65522%

CWE

CWE-284

Published

10/24/2017

Updated

8/25/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
actionpack	rubygems	>= 3.0.0, < 3.2.16	3.2.16
actionpack	rubygems	>= 4.0.0, < 4.0.2	4.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how parameters are merged from Rack middleware into Rails' parameter handling. ActionDispatch::Request#parameters is the central method responsible for collecting parameters from various parsers. The incomplete fix for CVE-2013-0155 left a gap where middleware could inject unvalidated parameters (e.g., via JSON parsing) that bypass Active Record's query restrictions. This method's aggregation logic failed to properly sanitize parameters from non-Rails parsers, enabling the bypass.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`**tionp**k/li*/**tion_*isp*t**/*ttp/r*qu*st.r*` in Ru*y on R*ils ***or* *.*.** *n* *.x ***or* *.*.* *o*s not prop*rly *onsi**r *i***r*n**s in p*r*m*t*r **n*lin* **tw**n t** **tiv* R**or* *ompon*nt *n* t** JSON impl*m*nt*tion, w*i** *llows r*mot* *tt

Reasoning

T** vuln*r**ility st*ms *rom *ow p*r*m*t*rs *r* m*r*** *rom R**k mi**l*w*r* into R*ils' p*r*m*t*r **n*lin*. `**tion*isp*t**::R*qu*st#p*r*m*t*rs` is t** **ntr*l m*t*o* r*sponsi*l* *or *oll**tin* p*r*m*t*rs *rom v*rious p*rs*rs. T** in*ompl*t* *ix *or

6.4

Basic Information

Concerned about an active attack path?

CVE-2013-6417: actionpack allows bypass of database-query restrictions

6.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI