Exploit Report

Computer Security And Bug Information

CVE-2022-32224

CVE: CVE-2022-32224
CVE Ordinal Value: 237227
Published Date: 2022-12-05T22:15Z
Modified Date: 2022-12-08T13:20Z
CWE Type: CWE-502
CVSS 3.x: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description: A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1, which could allow an attacker who can manipulate data in the database (via means like SQL injection) to escalate to an RCE.
References
Reference URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Reference Description: MISC https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Reference URL: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
Reference Description: MISC https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
Tags: Exploit, Mailing List, Third Party Advisory
Sources: NIST, MITRE
