Security restrictions bypass in Ruby on Rails - CVE-2016-6317

 


Published: September 14, 2016 / Updated: September 22, 2017


Vulnerability identifier: #VU8576
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6317
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Rails
Affected software:
Ruby on Rails

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values.
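
The "[nil]" case described above, as an added example (not Rails code and not part of the advisory): a JSON body of [null] parses to Ruby [nil], which passes a plain presence check, so this sketch flags such values in a parsed body and enforces a scalar type before a parameter reaches a query. The helper names risky_paths and require_scalar and both sample bodies are hypothetical and constructed for illustration.

```ruby
require 'json'

# Walk a parsed JSON document and return the paths whose value is nil,
# an empty array, or an array containing nil. The advisory names these
# shapes ("[nil]" values) as the ones that can end up as NULL checks or
# a missing WHERE clause.
def risky_paths(value, path = '$')
  case value
  when nil
    [path]
  when Array
    hits = (value.empty? || value.include?(nil)) ? [path] : []
    value.each_with_index.reduce(hits) do |acc, (item, i)|
      # nil items are already covered by flagging the array itself
      item.nil? ? acc : acc + risky_paths(item, "#{path}[#{i}]")
    end
  when Hash
    value.flat_map { |key, item| risky_paths(item, "#{path}.#{key}") }
  else
    []
  end
end

# Return the parameter only if it is a non-empty String; raise otherwise.
# Stricter than `unless params[key]`, which [nil] passes because any
# Array is truthy in Ruby.
def require_scalar(params, key)
  value = params[key]
  unless value.is_a?(String) && !value.empty?
    raise ArgumentError, "#{key} must be a non-empty string, got #{value.inspect}"
  end
  value
end

# Constructed request bodies (sample data, not captured traffic).
CRAFTED = JSON.parse('{"token": [null], "filter": {"ids": [], "name": null}}')
NORMAL  = JSON.parse('{"token": "s3cr3t-sample", "filter": {"ids": [1, 2]}}')

if __FILE__ == $PROGRAM_NAME
  puts "presence check passes on [nil]: #{!!CRAFTED['token']}"
  puts "risky paths: #{risky_paths(CRAFTED).inspect}"
end
```

A check like this is defence in depth for query parameters; the fix for the vulnerability itself remains the update listed under mitigation.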


How to mitigate CVE-2016-6317

Update to version 4.2.7.1.
