QwikSec

Security Database

CVE

CWE

Training

CVE-2022-32224

Published: Dec 5, 2022

Modified: May 11, 2026

PUBLISHED

Description

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

Vendor	Product	Versions
n/a	https://github.com/rails/rails	affected `7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1`

Weaknesses (CWE)

References

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2022-32224 - Security Vulnerability | QwikSec