exploitDog

CVE-2014-3483

Published: 02 Jul 2014
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.

It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record.
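The flaw described above is easiest to see in code. The following is an added example, not Active Record's source and not the upstream patch: a simplified model of how a Ruby Range is rendered into a PostgreSQL range literal, with the vulnerable pattern (the rendered range interpolated into a single-quoted literal without escaping) next to a hardened version that escapes the rendered text first, which is the nature of the correction the advisory describes. The `hostile` endpoint is constructed input standing in for an attacker-controlled value that reaches a range attribute unchecked; the helper names are this example's own.

```ruby
# Added example, not Active Record's own source: a simplified model of how the
# PostgreSQL adapter turns a Ruby Range into a SQL literal, showing the
# vulnerable pattern (unescaped interpolation) next to a hardened one.

# Render a Range as the text form PostgreSQL range types accept,
# e.g. 1..10 -> "[1,10]", 1...10 -> "[1,10)", 1..Float::INFINITY -> "[1,]".
def range_to_string(range)
  from = range.begin.respond_to?(:infinite?) && range.begin.infinite? ? '' : range.begin
  to   = range.end.respond_to?(:infinite?) && range.end.infinite? ? '' : range.end
  "[#{from},#{to}#{range.exclude_end? ? ')' : ']'}"
end

# Escape a string for a single-quoted PostgreSQL literal by doubling quotes
# (assumes standard_conforming_strings = on, so backslashes are not special).
def quote_string(str)
  str.gsub("'", "''")
end

# Vulnerable pattern: the rendered range goes straight into the literal.
# Range endpoints are application data; if one is a string carrying a
# single quote, it terminates the literal and the rest is parsed as SQL.
def quote_range_vulnerable(range, sql_type)
  "'#{range_to_string(range)}'::#{sql_type}"
end

# Hardened pattern: escape the rendered text before wrapping it in quotes.
# This is the shape of the correction (quote the value properly), written
# for this example rather than copied from the upstream fix.
def quote_range_fixed(range, sql_type)
  "'#{quote_string(range_to_string(range))}'::#{sql_type}"
end

# Check: does the produced SQL contain a bare (undoubled) quote between the
# opening quote and the closing quote that precedes the ::type cast?
def literal_broken?(sql)
  m = sql.match(/\A'(.*)'::\w+\z/m)
  return true unless m
  m[1].gsub("''", '').include?("'")
end

if __FILE__ == $0
  # Constructed attacker-controlled endpoint (hypothetical input for this
  # demo): a string that reaches a range attribute without type checking.
  hostile = ("a'; DROP TABLE users; --".."z")

  puts quote_range_vulnerable(1..10, 'int4range')                 # '[1,10]'::int4range
  puts quote_range_vulnerable(hostile, 'tsrange')
  puts literal_broken?(quote_range_vulnerable(hostile, 'tsrange')) # true
  puts quote_range_fixed(hostile, 'tsrange')
  puts literal_broken?(quote_range_fixed(hostile, 'tsrange'))      # false
end
```

The check function is the practical takeaway for anyone auditing a forked or vendored adapter: any path that builds a `'...'::sometype` literal by string interpolation must run the interpolated text through the adapter's string quoting first, regardless of how "structured" the Ruby value looks.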

Affected packages

Platform | Package | Status | Advisory | Released
CloudForms Management Engine 5 | ruby193-rubygem-activerecord | Not affected | - | -
OpenShift Enterprise 1 | ruby193-rubygem-activerecord | Not affected | - | -
Red Hat OpenStack Platform 3 | ruby193-rubygem-activerecord | Not affected | - | -
Red Hat OpenStack Platform 4 | ruby193-rubygem-activerecord | Not affected | - | -
Red Hat Software Collections | ruby193-rubygem-activerecord | Not affected | - | -
Red Hat Subscription Asset Manager | ruby193-rubygem-activerecord | Not affected | - | -
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | ror40-rubygem-activerecord | Fixed | RHSA-2014:0877 | 14.07.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | ror40-rubygem-activerecord | Fixed | RHSA-2014:0877 | 14.07.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 | ror40-rubygem-activerecord | Fixed | RHSA-2014:0877 | 14.07.2014


Additional information

Red Hat severity: Moderate
Weakness: CWE-89
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1114427
rubygem-activerecord: SQL injection vulnerability in 'range' quoting

EPSS: 0.0125 (percentile 79%), Low
CVSS2: 4.3 Medium

Related vulnerabilities

ubuntu (more than 11 years ago)

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.

nvd (more than 11 years ago)

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.

debian (more than 11 years ago)

SQL injection vulnerability in activerecord/lib/active_record/connecti ...

github (more than 8 years ago)

Active Record contains SQL Injection via improper range quoting
