CVE-2022-32224

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-32224
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32224.json
Aliases
Related
Published
2022-12-05T22:15:10Z
Modified
2023-11-08T04:09:35.754224Z
Details

A possible escalation-to-RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1. An attacker who can manipulate data in the database (via means like SQL injection) could escalate to RCE.

References

Affected packages

Git / github.com/rails/rails