What is CVE-2013-3221?

CVE-2013-3221 is a vulnerability in Rubyonrails Rails, classified under Improper Input Validation. Published 2013-04-22.

Is CVE-2013-3221 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Rubyonrails Rails

CVE-2013-3221

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.005 (65.6th percentile) — read the EPSS interpretation.

Affected products

Rubyonrails Rails — versions 2.3.0, 2.3.1, 2.3.2
Rubyonrails Ruby_on_rails — versions 3.0.4
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

superfish9/pt

References

cve@mitre.org (x_refsource_MISC)
[rubyonrails-security] 20130207 Potential Query Manipulation with Common Rails Practises (mailing-list, x_refsource_MLIST)
cve@mitre.org (Exploit, x_refsource_MISC)
[oss-security] 20130424 CVE-2013-3221 can also relate to Microsoft SQL Server and IBM DB2 (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
[oss-security] 20130207 Potential Query Manipulation with Common Rails Practises (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2013-3221?: CVE-2013-3221 is a vulnerability in Rubyonrails Rails, classified under Improper Input Validation. Published 2013-04-22.
Is CVE-2013-3221 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.