CVE-2014-0080

Опубликовано: 18 фев. 2014

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Отчет

Not vulnerable. This issue did not affect the versions of rubygem-activerecord as shipped with CloudForms, OpenShift Enterprise 1 and 2, Red Hat Enterprise Linux OpenStack Platform 3 and 4, Red Hat Software Collections 1 and Subscription Asset Manager as they did not include the vulnerable code.

Затронутые пакеты

Платформа	Пакет	Состояние
CloudForms Management Engine 5	ruby193-rubygem-activerecord	Not affected
OpenShift Enterprise 1	ruby193-rubygem-activerecord	Not affected
Red Hat OpenStack Platform 3	ruby193-rubygem-activerecord	Not affected
Red Hat OpenStack Platform 4	ruby193-rubygem-activerecord	Not affected
Red Hat Satellite 6	ruby193-rubygem-activerecord	Not affected
Red Hat Software Collections	ror40-rubygem-activerecord	Not affected
Red Hat Software Collections	ruby193-rubygem-activerecord	Not affected
Red Hat Subscription Asset Manager	ruby193-rubygem-activerecord	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1065517rubygem-activerecord: PostgreSQL array data injection vulnerability

EPSS

Процентиль: 48%

0.00248

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-0080

ubuntu

почти 12 лет назад

CVE-2014-0080

nvd

почти 12 лет назад

CVE-2014-0080

debian

почти 12 лет назад

SQL injection vulnerability in activerecord/lib/active_record/connecti ...

GHSA-hqf9-rc9j-5fmj

github

больше 8 лет назад

Array data injection vulnerability in activerecord

EPSS

Процентиль: 48%

0.00248

Низкий

4.3 Medium

CVSS2