7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-6317

GHSA ID

GHSA-pr3r-4wrp-r2pv

EPSS Score

0.58745%

CWE

CWE-284

Published

10/24/2017

Updated

7/4/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-6317

CVE-2016-6317: ActiveRecord in Ruby on Rails allows database-query bypass

Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

(GitHub Advisory)

7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-6317

GHSA ID

GHSA-pr3r-4wrp-r2pv

EPSS Score

0.58745%

CWE

CWE-284

Published

10/24/2017

Updated

7/4/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
activerecord	rubygems	>= 4.2.0, <= 4.2.7.0	4.2.7.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of parameter arrays containing nil values and empty hashes in query construction. The primary vulnerable function is ActiveRecord::QueryMethods#where which processes WHERE clause conditions. The patch modifies this method to add safeguards against empty hashes and [nil] values. Dynamic finders (find_by_*) that rely on where() inherit this vulnerability. The evidence comes from the security advisory's description of NULL check bypass and the nature of fixes shown in referenced patches that modify query generation logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**tiv* R**or* in Ru*y on R*ils *.*.x ***or* *.*.*.* *o*s not prop*rly *onsi**r *i***r*n**s in p*r*m*t*r **n*lin* **tw**n t** **tiv* R**or* *ompon*nt *n* t** JSON impl*m*nt*tion, w*i** *llows r*mot* *tt**k*rs to *yp*ss int*n*** **t***s*-qu*ry r*stri*t

Reasoning

T** vuln*r**ility st*ms *rom improp*r **n*lin* o* p*r*m*t*r *rr*ys *ont*inin* nil v*lu*s *n* *mpty **s**s in qu*ry *onstru*tion. T** prim*ry vuln*r**l* *un*tion is **tiv*R**or*::Qu*ryM*t*o*s#w**r* w*i** pro**ss*s W**R* *l*us* *on*itions. T** p*t** mo

7.5

Basic Information

Concerned about an active attack path?

CVE-2016-6317: ActiveRecord in Ruby on Rails allows database-query bypass

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI