VYPR
Critical severity9.8NVD Advisory· Published Dec 5, 2022· Updated May 11, 2026

CVE-2022-32224

CVE-2022-32224

Description

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
activerecordRubyGems
>= 7.0.0, < 7.0.3.17.0.3.1
activerecordRubyGems
>= 6.1.0, < 6.1.6.16.1.6.1
activerecordRubyGems
>= 6.0.0, < 6.0.5.16.0.5.1
activerecordRubyGems
< 5.2.8.15.2.8.1

Affected products

7

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.