← Zuruck zu CVEs

CVE-2022-32224

CRITICAL

9.8

Beschreibung

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht12/5/2022

Zuletzt geandert4/24/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

activerecord_project:activerecord

Schwachen (CWE)

CWE-502CWE-502

Referenzen

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j(support@hackerone.com)

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U(support@hackerone.com)

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j(af854a3a-2127-422b-91ae-364da2661108)

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.