Уязвимость CVE-2023-22794

Пакет	Статус	Версия исправления	Релиз	Тип
rails	fixed	2:6.1.7.3+dfsg-1		package
rails	not-affected		buster	package

CVE-2023-22794

CVSS3: 8.8

ubuntu

больше 2 лет назад

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.

CVE-2023-22794

CVSS3: 8.3

redhat

больше 2 лет назад

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.

CVE-2023-22794

CVSS3: 8.8

nvd

больше 2 лет назад

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.

GHSA-hq7p-j377-6v63

CVSS3: 8.8

github

больше 2 лет назад

SQL Injection Vulnerability via ActiveRecord comments

BDU:2023-07138

CVSS3: 8.8

fstec

больше 2 лет назад

Уязвимость компонента Active Record программной платформы Ruby on Rails, связанная с возможностью внедрения SQL-кода через комментарии, позволяющая нарушителю выполнить произвольный код

exploitDog

CVE-2023-22794

Описание

Пакеты

Примечания

Связанные уязвимости