9.8
CVE-2022-32224
- EPSS 2.39%
- Veröffentlicht 05.12.2022 22:15:10
- Zuletzt bearbeitet 11.05.2026 18:16:29
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
LoginA possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Activerecord Project ≫ Activerecord SwPlatformruby Version < 5.2.8.1
Activerecord Project ≫ Activerecord SwPlatformruby Version >= 6.0.0 < 6.0.5.1
Activerecord Project ≫ Activerecord SwPlatformruby Version >= 6.1.0 < 6.1.6.1
Activerecord Project ≫ Activerecord SwPlatformruby Version >= 7.0.0 < 7.0.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.39% | 0.817 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html