CVE-2022-32224

activerecord: Possible RCE escalation bug with Serialized Columns in Active Record

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

Existe una posible escalada a la vulnerabilidad RCE cuando se utilizan columnas serializadas YAML en Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 y <5.2.8.1, lo que podría permitir a un atacante, que puede manipular datos en la base de datos (a través de medios como la inyección SQL), la capacidad de escalar a un RCE.

An insecure deserialization flaw was found in Active Record, which uses YAML.unsafe_load to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution (RCE), resulting in complete system compromise.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-06-01 CVE Reserved
2022-12-05 CVE Published
2024-06-27 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-502: Deserialization of Untrusted Data

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U	2024-08-03

URL	Date	SRC
https://github.com/advisories/GHSA-3hhc-qp5v-9p2j	2022-12-08

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-32224	2023-05-03
https://bugzilla.redhat.com/show_bug.cgi?id=2108997	2023-05-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Activerecord Project Search vendor "Activerecord Project"		Activerecord Search vendor "Activerecord Project" for product "Activerecord"				< 5.2.8.1 Search vendor "Activerecord Project" for product "Activerecord" and version " < 5.2.8.1"		ruby		Affected
Activerecord Project Search vendor "Activerecord Project"		Activerecord Search vendor "Activerecord Project" for product "Activerecord"				>= 6.0.0 < 6.0.5.1 Search vendor "Activerecord Project" for product "Activerecord" and version " >= 6.0.0 < 6.0.5.1"		ruby		Affected
Activerecord Project Search vendor "Activerecord Project"		Activerecord Search vendor "Activerecord Project" for product "Activerecord"				>= 6.1.0 < 6.1.6.1 Search vendor "Activerecord Project" for product "Activerecord" and version " >= 6.1.0 < 6.1.6.1"		ruby		Affected
Activerecord Project Search vendor "Activerecord Project"		Activerecord Search vendor "Activerecord Project" for product "Activerecord"				>= 7.0.0 < 7.0.3.1 Search vendor "Activerecord Project" for product "Activerecord" and version " >= 7.0.0 < 7.0.3.1"		ruby		Affected