
CVE-2018-18476: mysql-binuuid-rails vulnerable to SQL injection

CVSS Score (v3.0): 9.8

Basic Information

EPSS Score: 0.53401%
Published: 10/30/2018
Updated: 8/25/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: mysql-binuuid-rails
Ecosystem: rubygems
Vulnerable Versions: < 1.1.1
First Patched Version: 1.1.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stemmed from improper input validation in the serialize method that handles UUID conversion. The pre-patch implementation of serialize in lib/mysql-binuuid/type.rb removed the dashes from a UUID but did not check that the remaining value was a valid 32-character hexadecimal string. Because ActiveRecord's Binary type relies on the value already being hex when it emits the literal, a malformed "UUID" reached the query without the usual string escaping, allowing SQL injection through crafted values. The fix added a regex check (valid_undashed_uuid?) that enforces the hexadecimal format before serialization, which confirms this method as the vulnerable point; the test cases added with the fix explicitly exercise this validation to show the injection is rejected.
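To make the pre-patch and patched behaviour concrete, the following stand-alone Ruby model is an added example and not the gem's own code: serialize_unvalidated mirrors the "strip dashes and trust the result" shape described above, serialize_validated adds the 32-hex-character check that the fix introduced, and quote_hex_literal is a constructed stand-in for the x'...' literal an adapter would emit for a Binary value. The regex, the method names other than valid_undashed_uuid?, and the sample inputs are assumptions made here for illustration.

```ruby
# Added example, not code from mysql-binuuid-rails. It models the
# serialize step described in the root cause analysis without any
# ActiveRecord dependency so it runs offline.

# Format the patched gem enforces after dash removal (written here from
# the description above): exactly 32 hexadecimal characters.
UNDASHED_UUID = /\A[0-9a-f]{32}\z/i

# Constructed stand-in for an adapter emitting a hex literal. The value is
# placed inside x'...' verbatim because it is assumed to already be hex,
# which is why no string escaping is applied on this path.
def quote_hex_literal(undashed)
  "x'#{undashed}'"
end

def strip_dashes(value)
  value.to_s.delete('-')
end

# Pre-patch shape: dashes are removed and whatever remains is passed on.
# Any non-hex character, including a quote, survives into the literal.
def serialize_unvalidated(value)
  return nil if value.nil?
  quote_hex_literal(strip_dashes(value))
end

# The check the fix added: true only for a 32-character hex string.
def valid_undashed_uuid?(undashed)
  UNDASHED_UUID.match?(undashed)
end

# Patched shape: same dash removal, then the strict format check before
# the value is allowed onto the unescaped hex-literal path.
def serialize_validated(value)
  return nil if value.nil?
  undashed = strip_dashes(value)
  unless valid_undashed_uuid?(undashed)
    raise ArgumentError, "Invalid UUID: #{value.inspect}"
  end
  quote_hex_literal(undashed)
end

# Constructed sample inputs: one well-formed UUID and one malformed value
# that carries a quote character, which is the kind of input the
# validation is meant to stop.
GOOD_UUID = '123e4567-e89b-12d3-a456-426614174000'
MALFORMED = "not-a-uuid'"

if __FILE__ == $0
  puts serialize_unvalidated(GOOD_UUID)   # x'123e4567e89b12d3a456426614174000'
  puts serialize_unvalidated(MALFORMED)   # x'notauuid''  (quote reaches the literal)
  puts serialize_validated(GOOD_UUID)     # x'123e4567e89b12d3a456426614174000'
  begin
    serialize_validated(MALFORMED)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The detection value here is the contrast on the second input: with the pre-patch shape, a non-hex value passes through dash removal unchanged and the quote lands inside the literal; with the patched shape, the same value never reaches the quoting step. A regression test for a column of this type should therefore assert that non-hex input raises rather than only that valid UUIDs round-trip.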

WAF Protection Rules

WAF Rule

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.
