Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-3221

EPSS 0.48% · P65
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2013-3221

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ruby on Rails Active Record组件数据类型注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Active Record是一种领域模型模式,实现了Rails的对象关系映射。 Ruby on Rails中的Active Record组件中存在漏洞,该漏洞在输入值与数据库某一列中存储值的对比时,程序并未确认该数据库列中的声明数据类型是否被使用。远程攻击者可通过特制的值利用该漏洞对Ruby on Rails应用程序实施数据类型注入攻击,如(非预期的‘类型化的XML’功能和MySQL数据库之间的交互。)以下版本中存在漏洞:Ruby on Rails 2.3.x,3.0.x,3.1.x以及3.2.x版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2013-3221

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2013-3221

登录查看更多情报信息。

Same Patch Batch · n/a · 2013-04-22 · 22 CVEs total

CVE-2013-3231Linux kernel ‘llc_ui_recvmsg’函数敏感信息漏洞
CVE-2013-2780Siemens SIMATIC 拒绝服务漏洞
CVE-2013-0700Siemens SIMATIC 拒绝服务漏洞
CVE-2013-0138BitZipper 内存破坏漏洞
CVE-2013-0122avast! Mobile Security for Android 拒绝服务漏洞
CVE-2013-3237Linux kernel ‘vsock_stream_sendmsg’函数设计错误漏洞
CVE-2013-3236Linux kernel ‘vmci_transport_dgram_dequeue’函数敏感信息漏洞
CVE-2013-3235Linux kernel ‘net/tipc/socket.c’敏感信息漏洞
CVE-2013-3234Linux kernel ‘rose_recvmsg’函数敏感信息漏洞
CVE-2013-3233Linux kernel ‘llcp_sock_recvmsg’函数敏感信息漏洞
CVE-2013-3232Linux kernel ‘nr_recvmsg’函数敏感信息漏洞
CVE-2013-3076Linux kernel crypto API 敏感信息漏洞
CVE-2013-3230Linux kernel ‘l2tp_ip6_recvmsg’函数敏感信息漏洞
CVE-2013-3229Linux kernel ‘iucv_sock_recvmsg’函数敏感信息漏洞
CVE-2013-3228Linux kernel ‘irda_recvmsg_dgram’函数敏感信息漏洞
CVE-2013-3227Linux kernel ‘caif_seqpkt_recvmsg’函数敏感信息漏洞
CVE-2013-3226Linux kernel ‘sco_sock_recvmsg’函数敏感信息漏洞
CVE-2013-3225Linux kernel ‘rfcomm_sock_recvmsg’函数敏感信息漏洞
CVE-2013-3224Linux kernel ‘bt_sock_recvmsg’函数敏感信息漏洞
CVE-2013-3223Linux kernel ‘ax25_recvmsg’函数敏感信息漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2013-3221

No comments yet

Leave a comment