CVE-2022-32224

Vendor N/A
Product https://github.com/rails/rails
Weakness CWE-502 · Unsafe deserialization
Published December 5, 2022
Last update May 11, 2026

What the vulnerability does

01 Description

A possible escalation-to-RCE vulnerability exists when using YAML-serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1. An attacker who can manipulate data in the database (via means like SQL injection) could use this to escalate to RCE.

Key dates

02 Disclosure timeline

December 5, 2022 CVE published
May 11, 2026 Record updated