GHSA-hqf9-rc9j-5fmj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-hqf9-rc9j-5fmj/GHSA-hqf9-rc9j-5fmj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hqf9-rc9j-5fmj
- Aliases
-
- CVE-2014-0080
- Published
- 2017-10-24T18:33:36Z
- Modified
- 2024-12-08T05:37:06.824792Z
- Summary
- Array data injection vulnerability in activerecord
- Details
-
SQL injection vulnerability in
activerecord/lib/active_record/connection_adapters/postgresql/cast.rbin Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving\(backslash) characters that are not properly handled in operations on array columns. - Database specific
{ "nvd_published_at": "2014-02-20T15:27:02Z", "cwe_ids": [ "CWE-89" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:40:47Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-0080
- https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
- https://github.com/rails/rails/tree/main/activerecord
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml
- https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ
- http://openwall.com/lists/oss-security/2014/02/18/9
Affected packages
RubyGems / activerecord
Package
- Name
- activerecord
- Purl
- pkg:gem/activerecord
RubyGems / activerecord
Package
- Name
- activerecord
- Purl
- pkg:gem/activerecord