CVE-2014-3482

Published: 02 Jul 2014
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

It was discovered that Active Record did not properly quote values of the bitstring type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record.

Statement

This issue does not affect CloudForms 5 as it does not use the "bitstring" data type anywhere in the product.

Affected packages

Platform | Package | State | Advisory | Release date
CloudForms Management Engine 5 | ruby193-rubygem-activerecord | Not affected | | 
OpenShift Enterprise 1 | ruby193-rubygem-activerecord | Will not fix | | 
Red Hat OpenStack Platform 3 | ruby193-rubygem-activerecord | Will not fix | | 
Red Hat OpenStack Platform 4 | ruby193-rubygem-activerecord | Affected | | 
Red Hat Software Collections | ror40-rubygem-activerecord | Not affected | | 
Red Hat Subscription Asset Manager | ruby193-rubygem-activerecord | Will not fix | | 
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | ruby193-rubygem-activerecord | Fixed | RHSA-2014:0876 | 14.07.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | ruby193-rubygem-activerecord | Fixed | RHSA-2014:0876 | 14.07.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 | ruby193-rubygem-activerecord | Fixed | RHSA-2014:0876 | 14.07.2014

Additional information

Status:

Moderate
Weakness:
CWE-89
https://bugzilla.redhat.com/show_bug.cgi?id=1114425
rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting

EPSS

Percentile: 81%
Score: 0.01531
Low

4.3 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 11 years ago

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

nvd
more than 11 years ago

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

debian
more than 11 years ago

SQL injection vulnerability in activerecord/lib/active_record/connecti ...

github
more than 8 years ago

SQL Injection in Active Record