YAML Serialized Columns Escalation to Remote Code Execution (RCE) Vulnerability

YAML Serialized Columns Escalation to Remote Code Execution (RCE) Vulnerability

CVE-2022-32224 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.