CVE-2012-6497

Source
https://nvd.nist.gov/vuln/detail/CVE-2012-6497
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-6497.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2012-6497
Aliases
Downstream
Published
2013-01-04T04:46:02Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as demonstrated by a value contained in secrettoken.rb in an open-source product.

References

Affected packages