
CVE-2013-6417: actionpack allows bypass of database-query restrictions

CVSS Score: 6.4

Basic Information

EPSS Score: 0.65522%
Published: 10/24/2017
Updated: 8/25/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
actionpack   | rubygems  | >= 3.0.0, < 3.2.16  | 3.2.16
actionpack   | rubygems  | >= 4.0.0, < 4.0.2   | 4.0.2

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from where parameter sanitization sat in the request pipeline. `ActionDispatch::Request#parameters` (in `actionpack/lib/action_dispatch/http/request.rb`) aggregates query, body and path parameters from whichever parser populated the Rack environment. The fix for CVE-2013-0155 applied its munging step (which strips `nil` from arrays, so that a JSON value such as `[null]` cannot reach the application as a non-nil value) only inside Rails' own parameter parsers. A third-party or custom Rack middleware that parsed a JSON body and placed the result directly into the environment therefore delivered such values untouched, and the aggregation logic merged them without a second check. Active Record turns those values into NULL checks or queries with missing WHERE clauses, so a crafted request could bypass the database-query restrictions the application intended. Rails 3.2.16 and 4.0.2 close the gap by performing the munging in the request object itself, for both query and body parameters, instead of relying on each parser to have done it.
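The following added example (not code from Rails or from this page) reproduces the gap in plain Ruby, without Rails: a munging step in the style of the Rails fix, a stand-in for Rails' own JSON parser, a stand-in for a custom Rack middleware that parses the body itself, and the parameter aggregation before and after the fix. The environment keys (`demo.body`, `demo.form_hash`, ...) and the `reset_guard` helper are hypothetical names for this demo; the attacker payload `{"token": [null]}` and the benign query string are constructed inputs. `reset_guard` approximates the Active Record behaviour the advisory for CVE-2013-0155 describes: a `nil`, or an array containing `nil`, becomes a NULL check.

```ruby
require 'json'

# Re-implementation, for this example only, of the parameter munging the Rails
# 3.2.16 / 4.0.2 fix applies: nils are stripped from arrays and an array left
# empty becomes nil, so JSON such as {"token": [null]} can no longer reach the
# application as a non-nil value. Not Rails' own code.
def deep_munge(hash)
  hash.each do |key, value|
    case value
    when Array
      value.grep(Hash) { |h| deep_munge(h) }
      value.compact!
      hash[key] = nil if value.empty?
    when Hash
      deep_munge(value)
    end
  end
  hash
end

# Stand-in for Rails' own JSON params parser, which already munged its output
# after the CVE-2013-0155 fix. Env keys are hypothetical names for this demo.
def rails_json_parser(env)
  env['demo.request_parameters'] = deep_munge(JSON.parse(env['demo.body']))
end

# Stand-in for a third-party or custom Rack middleware that parses the JSON
# body itself and hands the raw hash to the framework: the path the CVE names.
def custom_json_middleware(env)
  env['demo.form_hash'] = JSON.parse(env['demo.body'])
end

# Aggregation before the fix: merges whatever hash is already in the
# environment and relies on each parser having sanitized it.
def parameters_before_fix(env)
  body = env['demo.request_parameters'] || env['demo.form_hash'] || {}
  body.merge(env['demo.query'] || {})
end

# Aggregation after the fix: munge once where every source meets, so it no
# longer matters which parser produced the hash.
def parameters_after_fix(env)
  deep_munge(parameters_before_fix(env))
end

# The password-reset guard from the Rails advisory for CVE-2013-0155. Returns
# :rejected when the guard holds, otherwise the kind of condition Active Record
# would build from the value that slipped past it: a NULL check for nil or an
# array containing nil (approximated here), an equality test otherwise.
def reset_guard(params)
  token = params['token']
  return :rejected if token.nil?
  values = token.is_a?(Array) ? token : [token]
  values.include?(nil) ? 'token IS NULL' : 'token = ?'
end

# Run one request through a parser and an aggregation strategy. The body is a
# constructed attacker payload; the query string is a constructed benign one.
def scenario(parser, aggregation, body = '{"token": [null]}')
  env = { 'demo.body' => body, 'demo.query' => { 'utm' => 'x' } }
  send(parser, env)
  reset_guard(send(aggregation, env))
end

if __FILE__ == $PROGRAM_NAME
  puts scenario(:rails_json_parser, :parameters_before_fix)      # rejected
  puts scenario(:custom_json_middleware, :parameters_before_fix) # token IS NULL
  puts scenario(:custom_json_middleware, :parameters_after_fix)  # rejected
end
```

The middle line is the CVE: the same payload that Rails' own parser neutralises passes the `nil?` guard untouched when a middleware did the parsing, and the guarded lookup becomes a NULL check. Moving the munge to the aggregation point, as the third line shows, makes the outcome independent of which parser ran.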


WAF Protection Rules

WAF Rule

`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote att
