GHSA-r8fh-hq2p-7qhq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r8fh-hq2p-7qhq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-r8fh-hq2p-7qhq/GHSA-r8fh-hq2p-7qhq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r8fh-hq2p-7qhq
- Aliases
- Published
- 2017-10-24T18:33:36Z
- Modified
- 2024-11-29T05:28:07.785614Z
- Summary
- Active Record contains SQL Injection via improper range quoting
- Details
-
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
- Database specific
{ "cwe_ids": [ "CWE-89" ], "nvd_published_at": "2014-07-07T11:01:30Z", "severity": "HIGH", "github_reviewed_at": "2020-06-16T21:54:02Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-3483
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml
- https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
- https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341
- http://openwall.com/lists/oss-security/2014/07/02/5
- http://rhn.redhat.com/errata/RHSA-2014-0877.html
- http://www.debian.org/security/2014/dsa-2982
Affected packages
RubyGems / activerecord
Package
- Name
- activerecord
- Purl
- pkg:gem/activerecord
RubyGems / activerecord
Package
- Name
- activerecord
- Purl
- pkg:gem/activerecord