Ruby on Rails Parameter Handling Vulnerability Affects Multiple Versions
CVE-2012-2660
Currently unrated
What is CVE-2012-2660?
Ruby on Rails does not properly account for differences in parameter handling between Active Record and Rack; the affected code is in actionpack/lib/action_dispatch/http/request.rb. A remote attacker can send a crafted request that bypasses intended database-query restrictions, potentially causing the application to perform unauthorized NULL checks. Exploitation can have significant security implications for applications running the affected versions of Ruby on Rails.