Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby on Rails Active Record Component Data-Type Injection Vulnerability
Vulnerability Description
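Active Record is a domain model pattern that implements object-relational mapping for Rails. A vulnerability exists in the Active Record component of Ruby on Rails: when an input value is compared with the values stored in a database column, the program does not confirm that the column's declared data type is used. Remote attackers can exploit this vulnerability with a crafted value to carry out data-type injection attacks against Ruby on Rails applications, as in the unintended interaction between the "typed XML" feature and a MySQL database. The following versions are affected: Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x.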
CVSS Information
N/A
Vulnerability Type
N/A