CVE-2012-2661: SQL injection vulnerability in Active Record

June 22, 2012 (updated August 8, 2019)

Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application’s SQL queries.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718
github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml

Code Behaviors & Features

Detect and mitigate CVE-2012-2661 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →